11241100x8000000000000000750033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915f352375c091362021-12-20 15:52:18.174root 11241100x8000000000000000750034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158602afdda98362021-12-20 15:52:18.174root 11241100x8000000000000000750035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f456eee4141a76f2021-12-20 15:52:18.174root 11241100x8000000000000000750036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62c1332c3a373cc2021-12-20 15:52:18.175root 11241100x8000000000000000750037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413130d1d5e18a22021-12-20 15:52:18.175root 11241100x8000000000000000750038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d7711e6e8aade62021-12-20 15:52:18.175root 11241100x8000000000000000750039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad659fafe203b0bd2021-12-20 15:52:18.175root 11241100x8000000000000000750040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96c0bee6bc9f312021-12-20 15:52:18.175root 11241100x8000000000000000750041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6b7f2808705c6f2021-12-20 15:52:18.674root 11241100x8000000000000000750042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a5fb769c7814252021-12-20 15:52:18.674root 11241100x8000000000000000750043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b4aae4121c9f462021-12-20 15:52:18.674root 11241100x8000000000000000750044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865df696b1eeab352021-12-20 15:52:18.675root 11241100x8000000000000000750045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2cbc1e2dd6d8b02021-12-20 15:52:18.675root 11241100x8000000000000000750046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91662f7ef054a962021-12-20 15:52:18.675root 11241100x8000000000000000750047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679fa24e711984872021-12-20 15:52:18.675root 11241100x8000000000000000750048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caaab0374ecc0d02021-12-20 15:52:18.675root 11241100x8000000000000000750049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871fdbc7f6e97a442021-12-20 15:52:19.174root 11241100x8000000000000000750050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43171ca19d2cc4d82021-12-20 15:52:19.174root 11241100x8000000000000000750051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f40ebf4d67dee52021-12-20 15:52:19.174root 11241100x8000000000000000750052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328e1c78998438462021-12-20 15:52:19.175root 11241100x8000000000000000750053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e78069927d7962021-12-20 15:52:19.175root 11241100x8000000000000000750054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1441cb8f0bcebc2021-12-20 15:52:19.175root 11241100x8000000000000000750055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebb5456501efbb52021-12-20 15:52:19.175root 11241100x8000000000000000750056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73cdfff984c6a192021-12-20 15:52:19.175root 11241100x8000000000000000750057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448b624cd485327e2021-12-20 15:52:19.674root 11241100x8000000000000000750058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce76b09ef9001a132021-12-20 15:52:19.674root 11241100x8000000000000000750059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a18299b538dbbf2021-12-20 15:52:19.674root 11241100x8000000000000000750060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19be483046c7b32021-12-20 15:52:19.674root 11241100x8000000000000000750061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0403a95c74a1218e2021-12-20 15:52:19.674root 11241100x8000000000000000750062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41800e6cff7aa0232021-12-20 15:52:19.674root 11241100x8000000000000000750063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01a53331705f9e2021-12-20 15:52:19.674root 11241100x8000000000000000750064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a006a52e18d26c2021-12-20 15:52:19.674root 354300x8000000000000000750065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46006-false10.0.1.12-8089- 11241100x8000000000000000750066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2c0e390fdc46132021-12-20 15:52:20.020root 11241100x8000000000000000750067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67673cf5223ff4ea2021-12-20 15:52:20.020root 11241100x8000000000000000750068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e29ea8756a867542021-12-20 15:52:20.020root 11241100x8000000000000000750069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b6d00518b011a2021-12-20 15:52:20.021root 11241100x8000000000000000750070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df57fa40536ffa72021-12-20 15:52:20.021root 11241100x8000000000000000750071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ce1a8c4eca8e252021-12-20 15:52:20.021root 11241100x8000000000000000750072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3d2d39c77888e2021-12-20 15:52:20.021root 11241100x8000000000000000750073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.022{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff0f71246f51d162021-12-20 15:52:20.022root 11241100x8000000000000000750074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.022{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f420c5f67a5b6362021-12-20 15:52:20.022root 354300x8000000000000000750075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.251{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51306-false10.0.1.12-8000- 11241100x8000000000000000750076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b12cbe9a6a3ea2021-12-20 15:52:20.424root 11241100x8000000000000000750077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cd1972ea4cd5a22021-12-20 15:52:20.424root 11241100x8000000000000000750078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a36429198602db2021-12-20 15:52:20.424root 11241100x8000000000000000750079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa0c3d6d4d19b52021-12-20 15:52:20.424root 11241100x8000000000000000750080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee2f25a8b5035b2021-12-20 15:52:20.424root 11241100x8000000000000000750081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a077ab26bbe994e82021-12-20 15:52:20.424root 11241100x8000000000000000750082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d56f1761c85582021-12-20 15:52:20.425root 11241100x8000000000000000750083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00606a363480ce122021-12-20 15:52:20.425root 11241100x8000000000000000750084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec70f2532e48362021-12-20 15:52:20.425root 11241100x8000000000000000750085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30beb18f934fffb2021-12-20 15:52:20.425root 11241100x8000000000000000750086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b63faf083026c2021-12-20 15:52:20.924root 11241100x8000000000000000750087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c519c406f241b5932021-12-20 15:52:20.924root 11241100x8000000000000000750088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10862ff528303bad2021-12-20 15:52:20.924root 11241100x8000000000000000750089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c92e0837d591ff02021-12-20 15:52:20.924root 11241100x8000000000000000750090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74fc70a83c83f172021-12-20 15:52:20.924root 11241100x8000000000000000750091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9a5a1d77e26ba2021-12-20 15:52:20.924root 11241100x8000000000000000750092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c080e07989f873e82021-12-20 15:52:20.925root 11241100x8000000000000000750093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baefbbd24b1b9f22021-12-20 15:52:20.925root 11241100x8000000000000000750094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecccb6dadccdcdfe2021-12-20 15:52:20.925root 11241100x8000000000000000750095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537a0ccf2d6e9432021-12-20 15:52:20.925root 11241100x8000000000000000750096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1479fdfb4316f2021-12-20 15:52:21.424root 11241100x8000000000000000750097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2630aefa38e592f2021-12-20 15:52:21.424root 11241100x8000000000000000750098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985972fd998988b2021-12-20 15:52:21.424root 11241100x8000000000000000750099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa373490300fa7112021-12-20 15:52:21.424root 11241100x8000000000000000750100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd1b7249e8ef8932021-12-20 15:52:21.424root 11241100x8000000000000000750101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994e1d73f572280b2021-12-20 15:52:21.425root 11241100x8000000000000000750102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46bfec361eeaf402021-12-20 15:52:21.425root 11241100x8000000000000000750103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6851a3748e49662021-12-20 15:52:21.425root 11241100x8000000000000000750104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314e643e1ef4dbd2021-12-20 15:52:21.425root 11241100x8000000000000000750105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb1a96ed997ea0e2021-12-20 15:52:21.425root 11241100x8000000000000000750106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54995b172da5eb6e2021-12-20 15:52:21.924root 11241100x8000000000000000750107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ba6fa27d2602e2021-12-20 15:52:21.924root 11241100x8000000000000000750108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518803e4b07a8a352021-12-20 15:52:21.924root 11241100x8000000000000000750109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626fb9441d5a76da2021-12-20 15:52:21.924root 11241100x8000000000000000750110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799e72e2c6d263b2021-12-20 15:52:21.925root 11241100x8000000000000000750111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cf2dfde0ebbfb12021-12-20 15:52:21.925root 11241100x8000000000000000750112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529eaa699a6bb32c2021-12-20 15:52:21.925root 11241100x8000000000000000750113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df814ae77b31cb2021-12-20 15:52:21.925root 11241100x8000000000000000750114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4de44a53cb90cb2021-12-20 15:52:21.925root 11241100x8000000000000000750115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38a6ae2fd8c418d2021-12-20 15:52:21.925root 11241100x8000000000000000750116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd90addb077e3ba22021-12-20 15:52:22.424root 11241100x8000000000000000750117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e38309c7a31662021-12-20 15:52:22.424root 11241100x8000000000000000750118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a291e428e096f362021-12-20 15:52:22.424root 11241100x8000000000000000750119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79ff487720855c2021-12-20 15:52:22.424root 11241100x8000000000000000750120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4499296200b435792021-12-20 15:52:22.424root 11241100x8000000000000000750121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce28aec9b4191c2021-12-20 15:52:22.424root 11241100x8000000000000000750122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128af9b4c3620b72021-12-20 15:52:22.424root 11241100x8000000000000000750123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f6dd2058299dd52021-12-20 15:52:22.424root 11241100x8000000000000000750124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f904428f1e660992021-12-20 15:52:22.425root 11241100x8000000000000000750125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e96d3aa57b57a42021-12-20 15:52:22.425root 11241100x8000000000000000750126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22933f81f20fc0b02021-12-20 15:52:22.924root 11241100x8000000000000000750127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748fc8ddedcc5ad72021-12-20 15:52:22.924root 11241100x8000000000000000750128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1783477004e3ed2021-12-20 15:52:22.924root 11241100x8000000000000000750129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247f9a860634e7662021-12-20 15:52:22.924root 11241100x8000000000000000750130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f24c77cf58f062021-12-20 15:52:22.924root 11241100x8000000000000000750131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9f58186c5cc652021-12-20 15:52:22.924root 11241100x8000000000000000750132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebaff1594789c2f2021-12-20 15:52:22.924root 11241100x8000000000000000750133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c14ff12943713522021-12-20 15:52:22.925root 11241100x8000000000000000750134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54a69438bbc0e9d2021-12-20 15:52:22.925root 11241100x8000000000000000750135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf4b45abe44d0872021-12-20 15:52:22.925root 11241100x8000000000000000750136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a50dd34f311bb32021-12-20 15:52:23.424root 11241100x8000000000000000750137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c11f814bf57b62021-12-20 15:52:23.424root 11241100x8000000000000000750138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d0f575b23f93502021-12-20 15:52:23.424root 11241100x8000000000000000750139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e16a5386eeaa4072021-12-20 15:52:23.424root 11241100x8000000000000000750140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df7c8b8fcc253142021-12-20 15:52:23.424root 11241100x8000000000000000750141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf141132a909eb92021-12-20 15:52:23.424root 11241100x8000000000000000750142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e602b13ef0e6fbfc2021-12-20 15:52:23.424root 11241100x8000000000000000750143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fbcf5a00ddc782021-12-20 15:52:23.424root 11241100x8000000000000000750144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44148dd6ed72e8d32021-12-20 15:52:23.425root 11241100x8000000000000000750145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d2d79372d4e7982021-12-20 15:52:23.425root 11241100x8000000000000000750146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16556525f71d73462021-12-20 15:52:23.924root 11241100x8000000000000000750147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404b422219b570642021-12-20 15:52:23.924root 11241100x8000000000000000750148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665570d7e26d8c92021-12-20 15:52:23.924root 11241100x8000000000000000750149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaae8bdb1ad1c842021-12-20 15:52:23.924root 11241100x8000000000000000750150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06056d4237010562021-12-20 15:52:23.924root 11241100x8000000000000000750151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0af0d9d0f51a72021-12-20 15:52:23.924root 11241100x8000000000000000750152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257717ed3ace2b32021-12-20 15:52:23.924root 11241100x8000000000000000750153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dd3a1c6e594a552021-12-20 15:52:23.924root 11241100x8000000000000000750154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85b12863d1c636d2021-12-20 15:52:23.925root 11241100x8000000000000000750155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5d76a36e2ead392021-12-20 15:52:23.925root 11241100x8000000000000000750156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0439c68eea9c380d2021-12-20 15:52:24.424root 11241100x8000000000000000750157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad4ba248257fc522021-12-20 15:52:24.424root 11241100x8000000000000000750158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea53a6449e71be2021-12-20 15:52:24.424root 11241100x8000000000000000750159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e6ceefb1b99232021-12-20 15:52:24.424root 11241100x8000000000000000750160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1703e4cc33c453e82021-12-20 15:52:24.424root 11241100x8000000000000000750161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc06ecc3bdad732021-12-20 15:52:24.424root 11241100x8000000000000000750162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471533f2a6ec8d542021-12-20 15:52:24.424root 11241100x8000000000000000750163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633da6be506c85a92021-12-20 15:52:24.425root 11241100x8000000000000000750164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce455a58b3abd67c2021-12-20 15:52:24.425root 11241100x8000000000000000750165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54c1f5ce7f80a82021-12-20 15:52:24.425root 11241100x8000000000000000750166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c30428935a86cf2021-12-20 15:52:24.924root 11241100x8000000000000000750167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbce94e4c32b38a2021-12-20 15:52:24.924root 11241100x8000000000000000750168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef82a0ea9cdee33a2021-12-20 15:52:24.924root 11241100x8000000000000000750169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38889a70609fe5192021-12-20 15:52:24.924root 11241100x8000000000000000750170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7108c3ead7c122b02021-12-20 15:52:24.924root 11241100x8000000000000000750171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7bc25223a95d1e2021-12-20 15:52:24.924root 11241100x8000000000000000750172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6af0335fc833c02021-12-20 15:52:24.924root 11241100x8000000000000000750173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de5e2af2cebdc62021-12-20 15:52:24.925root 11241100x8000000000000000750174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecd5931687a76752021-12-20 15:52:24.925root 11241100x8000000000000000750175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e8c43d49d81e322021-12-20 15:52:24.925root 11241100x8000000000000000750176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcf83103ca6354a2021-12-20 15:52:25.424root 11241100x8000000000000000750177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17e278ab2509fe02021-12-20 15:52:25.424root 11241100x8000000000000000750178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441005c520df3682021-12-20 15:52:25.424root 11241100x8000000000000000750179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a53b791670e30b2021-12-20 15:52:25.424root 11241100x8000000000000000750180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43ed6c81c5c08f2021-12-20 15:52:25.424root 11241100x8000000000000000750181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca994ae5ee63bcb92021-12-20 15:52:25.424root 11241100x8000000000000000750182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287f46bdbbb42ef42021-12-20 15:52:25.425root 11241100x8000000000000000750183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eb210e21b27d982021-12-20 15:52:25.425root 11241100x8000000000000000750184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5201c851f47c8ea02021-12-20 15:52:25.425root 11241100x8000000000000000750185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b7947abd4b86b2021-12-20 15:52:25.425root 11241100x8000000000000000750186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82725a2324cac34d2021-12-20 15:52:25.924root 11241100x8000000000000000750187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b4cd9ede1a38222021-12-20 15:52:25.924root 11241100x8000000000000000750188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a856b09b6ad97d2021-12-20 15:52:25.924root 11241100x8000000000000000750189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940b94152f312b02021-12-20 15:52:25.924root 11241100x8000000000000000750190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f43a8b1088b071f2021-12-20 15:52:25.925root 11241100x8000000000000000750191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1f65c4b5e3097e2021-12-20 15:52:25.925root 11241100x8000000000000000750192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793aad76da632732021-12-20 15:52:25.925root 11241100x8000000000000000750193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b522262bcd049ce2021-12-20 15:52:25.925root 11241100x8000000000000000750194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3adbae4d351ca202021-12-20 15:52:25.925root 11241100x8000000000000000750195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326f7f6bc60976cf2021-12-20 15:52:25.925root 354300x8000000000000000750196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.210{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51308-false10.0.1.12-8000- 11241100x8000000000000000750197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba447fa1b437a0fa2021-12-20 15:52:26.211root 11241100x8000000000000000750198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497891e809f0dae02021-12-20 15:52:26.211root 11241100x8000000000000000750199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42056d6f1a64d31b2021-12-20 15:52:26.211root 11241100x8000000000000000750200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f810dc7c4c713aaa2021-12-20 15:52:26.211root 11241100x8000000000000000750201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf79c82680e75312021-12-20 15:52:26.212root 11241100x8000000000000000750202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c3ef3cdac57e92021-12-20 15:52:26.212root 11241100x8000000000000000750203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0347df4c9ddb862021-12-20 15:52:26.212root 11241100x8000000000000000750204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e303fa40ed4970892021-12-20 15:52:26.212root 11241100x8000000000000000750205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec5f8af3f72b742021-12-20 15:52:26.212root 11241100x8000000000000000750206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e8aea293bb10b72021-12-20 15:52:26.212root 11241100x8000000000000000750207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ae0b7e1d9ef8de2021-12-20 15:52:26.212root 11241100x8000000000000000750208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d0e52344ee867d2021-12-20 15:52:26.674root 11241100x8000000000000000750209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e55a20cd0e799882021-12-20 15:52:26.674root 11241100x8000000000000000750210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a0dd3477d65d5e2021-12-20 15:52:26.674root 11241100x8000000000000000750211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8005730d37e93fe92021-12-20 15:52:26.675root 11241100x8000000000000000750212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4a0ccb21acc6642021-12-20 15:52:26.675root 11241100x8000000000000000750213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5b88896d08b9b2021-12-20 15:52:26.675root 11241100x8000000000000000750214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a77ce9c06cd1cf2021-12-20 15:52:26.675root 11241100x8000000000000000750215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4e843d3f6cf82c2021-12-20 15:52:26.675root 11241100x8000000000000000750216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd4b066cb5a69d2021-12-20 15:52:26.675root 11241100x8000000000000000750217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b405216a4423b2822021-12-20 15:52:26.675root 11241100x8000000000000000750218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a830717bfa528def2021-12-20 15:52:26.675root 11241100x8000000000000000750219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d7fdb3ed8d754c2021-12-20 15:52:27.174root 11241100x8000000000000000750220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693046ff7fd55bad2021-12-20 15:52:27.174root 11241100x8000000000000000750221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32e0bd6d2865d72021-12-20 15:52:27.174root 11241100x8000000000000000750222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc07651821186a12021-12-20 15:52:27.174root 11241100x8000000000000000750223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2157b65f3715712021-12-20 15:52:27.174root 11241100x8000000000000000750224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb0fd8b577e128c2021-12-20 15:52:27.174root 11241100x8000000000000000750225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7919d36f954e8a2021-12-20 15:52:27.175root 11241100x8000000000000000750226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3a7558255cd7522021-12-20 15:52:27.175root 11241100x8000000000000000750227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a6d09d1898fd312021-12-20 15:52:27.175root 11241100x8000000000000000750228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e408aaef50ea482021-12-20 15:52:27.175root 11241100x8000000000000000750229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff194d89947a60d2021-12-20 15:52:27.175root 11241100x8000000000000000750230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce4789c631dd0a2021-12-20 15:52:27.674root 11241100x8000000000000000750231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa0ba54d7aa5942021-12-20 15:52:27.674root 11241100x8000000000000000750232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bee2acfac12c262021-12-20 15:52:27.674root 11241100x8000000000000000750233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a381af7efc4053012021-12-20 15:52:27.674root 11241100x8000000000000000750234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c075bec54e5d32021-12-20 15:52:27.675root 11241100x8000000000000000750235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f27860762d69bf2021-12-20 15:52:27.675root 11241100x8000000000000000750236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6d8c230a7285e2021-12-20 15:52:27.675root 11241100x8000000000000000750237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a177be432c8cb5e2021-12-20 15:52:27.675root 11241100x8000000000000000750238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586438abfc5147e12021-12-20 15:52:27.675root 11241100x8000000000000000750239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff6c641b1ce9082021-12-20 15:52:27.675root 11241100x8000000000000000750240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ff49d5a5b93842021-12-20 15:52:27.675root 11241100x8000000000000000750241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7e9ce906913c262021-12-20 15:52:28.174root 11241100x8000000000000000750242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf32707cd7c8402021-12-20 15:52:28.174root 11241100x8000000000000000750243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0cc033225e34c92021-12-20 15:52:28.174root 11241100x8000000000000000750244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409900c7da7c310a2021-12-20 15:52:28.174root 11241100x8000000000000000750245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eb438979ecbfa62021-12-20 15:52:28.174root 11241100x8000000000000000750246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908fa07aa1db4f342021-12-20 15:52:28.174root 11241100x8000000000000000750247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb19c9f1dea9ac2021-12-20 15:52:28.174root 11241100x8000000000000000750248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752698f45eaaa29f2021-12-20 15:52:28.174root 11241100x8000000000000000750249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6968e473bae7fb2021-12-20 15:52:28.175root 11241100x8000000000000000750250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37734eca7e35c6382021-12-20 15:52:28.175root 11241100x8000000000000000750251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95c0d4edf8c69762021-12-20 15:52:28.175root 11241100x8000000000000000750252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b8aa914bf000762021-12-20 15:52:28.674root 11241100x8000000000000000750253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f9574abb6b67f12021-12-20 15:52:28.674root 11241100x8000000000000000750254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868be03aeeb2a0452021-12-20 15:52:28.674root 11241100x8000000000000000750255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d8eaa36d360c082021-12-20 15:52:28.675root 11241100x8000000000000000750256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabb3648f5e36ff52021-12-20 15:52:28.675root 11241100x8000000000000000750257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccf53c30b5acdac2021-12-20 15:52:28.675root 11241100x8000000000000000750258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6816b406dcbb5b2021-12-20 15:52:28.675root 11241100x8000000000000000750259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101f85a793b2a6b2021-12-20 15:52:28.676root 11241100x8000000000000000750260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d13d95b120faa842021-12-20 15:52:28.676root 11241100x8000000000000000750261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400be2a67b6b6ab32021-12-20 15:52:28.676root 11241100x8000000000000000750262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782b89edfbdd7e562021-12-20 15:52:28.676root 11241100x8000000000000000750263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091632d67bf0ff42021-12-20 15:52:29.174root 11241100x8000000000000000750264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90028d67a48c71d22021-12-20 15:52:29.174root 11241100x8000000000000000750265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df04e5879270f2e2021-12-20 15:52:29.174root 11241100x8000000000000000750266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f392e8c59b45dd92021-12-20 15:52:29.175root 11241100x8000000000000000750267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694609b1e15131cb2021-12-20 15:52:29.175root 11241100x8000000000000000750268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91803ed955006dd82021-12-20 15:52:29.175root 11241100x8000000000000000750269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca12ac4a0678ac0c2021-12-20 15:52:29.175root 11241100x8000000000000000750270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e30d4c0d3ad0a2021-12-20 15:52:29.175root 11241100x8000000000000000750271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fe6e5b386be452021-12-20 15:52:29.175root 11241100x8000000000000000750272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ac09803df66ad2021-12-20 15:52:29.175root 11241100x8000000000000000750273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98db8f5d6fd01fb2021-12-20 15:52:29.175root 11241100x8000000000000000750274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4aec33735a84da2021-12-20 15:52:29.674root 11241100x8000000000000000750275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b23a7089ba8cef2021-12-20 15:52:29.674root 11241100x8000000000000000750276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e249e18a5a1b7d2021-12-20 15:52:29.674root 11241100x8000000000000000750277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0b29adf27f79702021-12-20 15:52:29.674root 11241100x8000000000000000750278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ffb885cf445e952021-12-20 15:52:29.674root 11241100x8000000000000000750279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f23d994b13136422021-12-20 15:52:29.675root 11241100x8000000000000000750280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec78a6aa79e73c632021-12-20 15:52:29.675root 11241100x8000000000000000750281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8304e0eed820e3b2021-12-20 15:52:29.675root 11241100x8000000000000000750282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa245b931fe10692021-12-20 15:52:29.675root 11241100x8000000000000000750283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4162423bf78e102021-12-20 15:52:29.675root 11241100x8000000000000000750284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9175bb9611449f7f2021-12-20 15:52:29.675root 11241100x8000000000000000750285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c26903e0d40c792021-12-20 15:52:30.174root 11241100x8000000000000000750286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b44a98fca132462021-12-20 15:52:30.174root 11241100x8000000000000000750287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f4c635376b0c4a2021-12-20 15:52:30.174root 11241100x8000000000000000750288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb565aab82a26ad22021-12-20 15:52:30.174root 11241100x8000000000000000750289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ed42c11a157b0d2021-12-20 15:52:30.174root 11241100x8000000000000000750290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880bab6a3daeb982021-12-20 15:52:30.175root 11241100x8000000000000000750291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b4870edec16e492021-12-20 15:52:30.175root 11241100x8000000000000000750292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c912277882f443852021-12-20 15:52:30.175root 11241100x8000000000000000750293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5870c5b61336c2021-12-20 15:52:30.175root 11241100x8000000000000000750294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb8d062298d98d72021-12-20 15:52:30.175root 11241100x8000000000000000750295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272deff373dea56b2021-12-20 15:52:30.175root 11241100x8000000000000000750296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3793c01f3798b12021-12-20 15:52:30.674root 11241100x8000000000000000750297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc726984d332a1d52021-12-20 15:52:30.674root 11241100x8000000000000000750298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd48bd7a0774f752021-12-20 15:52:30.674root 11241100x8000000000000000750299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef06424705372d82021-12-20 15:52:30.674root 11241100x8000000000000000750300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71933d94cb271b02021-12-20 15:52:30.674root 11241100x8000000000000000750301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa08747822c7ae2021-12-20 15:52:30.675root 11241100x8000000000000000750302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff9a870a1e1e962021-12-20 15:52:30.675root 11241100x8000000000000000750303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8aa7949c6779002021-12-20 15:52:30.675root 11241100x8000000000000000750304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e32fd7abc0eb452021-12-20 15:52:30.675root 11241100x8000000000000000750305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2fb4a0d5593732021-12-20 15:52:30.675root 11241100x8000000000000000750306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb512b8877d642021-12-20 15:52:30.675root 11241100x8000000000000000750307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920a595b900d04622021-12-20 15:52:31.174root 11241100x8000000000000000750308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40381e528d2e532021-12-20 15:52:31.174root 11241100x8000000000000000750309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a875dec5e3e952021-12-20 15:52:31.174root 11241100x8000000000000000750310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93968d15d5608932021-12-20 15:52:31.174root 11241100x8000000000000000750311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123371f84f32e932021-12-20 15:52:31.174root 11241100x8000000000000000750312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f368172adeb455152021-12-20 15:52:31.175root 11241100x8000000000000000750313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2ca544ea163adc2021-12-20 15:52:31.175root 11241100x8000000000000000750314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbc694d4a5b10f32021-12-20 15:52:31.175root 11241100x8000000000000000750315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f764bc64663e602021-12-20 15:52:31.175root 11241100x8000000000000000750316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb33982ac9d9042021-12-20 15:52:31.175root 11241100x8000000000000000750317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04cd56dd9a572312021-12-20 15:52:31.175root 11241100x8000000000000000750318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eec461bd73cc1bd2021-12-20 15:52:31.674root 11241100x8000000000000000750319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298606c354cbc93f2021-12-20 15:52:31.674root 11241100x8000000000000000750320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c9fa13f1dda9e2021-12-20 15:52:31.675root 11241100x8000000000000000750321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc4c3f5d3c29a22021-12-20 15:52:31.675root 11241100x8000000000000000750322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e774e39b65293abb2021-12-20 15:52:31.675root 11241100x8000000000000000750323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb37bffe0d261382021-12-20 15:52:31.676root 11241100x8000000000000000750324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bbd4c0c6e457612021-12-20 15:52:31.676root 11241100x8000000000000000750325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0b6c3c89ec4462021-12-20 15:52:31.676root 11241100x8000000000000000750326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7cd969a494e2ee2021-12-20 15:52:31.676root 11241100x8000000000000000750327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d250230db61010c2021-12-20 15:52:31.676root 11241100x8000000000000000750328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a422f0f2f4b0df2021-12-20 15:52:31.676root 11241100x8000000000000000750329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af494927dd6391a2021-12-20 15:52:32.174root 11241100x8000000000000000750330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b4d42a30a099f62021-12-20 15:52:32.174root 11241100x8000000000000000750331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e3451195d821ce2021-12-20 15:52:32.174root 11241100x8000000000000000750332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da95d2aeeb989252021-12-20 15:52:32.174root 11241100x8000000000000000750333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bff6a7686bcfb02021-12-20 15:52:32.174root 11241100x8000000000000000750334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9799716caf182232021-12-20 15:52:32.175root 11241100x8000000000000000750335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fa0bd32afe3d9e2021-12-20 15:52:32.175root 11241100x8000000000000000750336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2b804c2a7ac4a2021-12-20 15:52:32.175root 11241100x8000000000000000750337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034113988285c742021-12-20 15:52:32.175root 11241100x8000000000000000750338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa34a46a0847a4f2021-12-20 15:52:32.175root 11241100x8000000000000000750339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f054729e5d8390f62021-12-20 15:52:32.175root 354300x8000000000000000750340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.196{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51310-false10.0.1.12-8000- 11241100x8000000000000000750341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5db102a4a088f32021-12-20 15:52:32.674root 11241100x8000000000000000750342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e7de1aa160f3a2021-12-20 15:52:32.675root 11241100x8000000000000000750343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81383f1f118fb8d2021-12-20 15:52:32.675root 11241100x8000000000000000750344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd0a00df11c01f2021-12-20 15:52:32.675root 11241100x8000000000000000750345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576213bdae1d02342021-12-20 15:52:32.675root 11241100x8000000000000000750346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e75f66cbc684ba2021-12-20 15:52:32.675root 11241100x8000000000000000750347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a524fbec67effdf2021-12-20 15:52:32.675root 11241100x8000000000000000750348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95919ca6fea7b72021-12-20 15:52:32.675root 11241100x8000000000000000750349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63427d4c0f6a862021-12-20 15:52:32.675root 11241100x8000000000000000750350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b822ae707ad6c12021-12-20 15:52:32.675root 11241100x8000000000000000750351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d281b526bd411432021-12-20 15:52:32.675root 11241100x8000000000000000750352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b44e7d3030803c2021-12-20 15:52:32.676root 11241100x8000000000000000750353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aeb4cc9635a0622021-12-20 15:52:33.174root 11241100x8000000000000000750354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad42e7e6275a202021-12-20 15:52:33.174root 11241100x8000000000000000750355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4417d8956c4452021-12-20 15:52:33.174root 11241100x8000000000000000750356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178cc1b4a8c1ff5e2021-12-20 15:52:33.174root 11241100x8000000000000000750357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd978b2c7579cc32021-12-20 15:52:33.174root 11241100x8000000000000000750358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a352d2523456cf82021-12-20 15:52:33.174root 11241100x8000000000000000750359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a302d8a9488f61cf2021-12-20 15:52:33.175root 11241100x8000000000000000750360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed449e091b84c9822021-12-20 15:52:33.175root 11241100x8000000000000000750361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb43b5a0e9288e22021-12-20 15:52:33.175root 11241100x8000000000000000750362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc354137b50fa9192021-12-20 15:52:33.175root 11241100x8000000000000000750363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e538fdf4656421ce2021-12-20 15:52:33.175root 11241100x8000000000000000750364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2b46a5766645ce2021-12-20 15:52:33.175root 11241100x8000000000000000750365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5904dc21dfd152021-12-20 15:52:33.674root 11241100x8000000000000000750366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a174e9302fb6632021-12-20 15:52:33.674root 11241100x8000000000000000750367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71760b49afae057e2021-12-20 15:52:33.674root 11241100x8000000000000000750368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfada534414618c92021-12-20 15:52:33.674root 11241100x8000000000000000750369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bca30fd00d3e6d62021-12-20 15:52:33.674root 11241100x8000000000000000750370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d939896506f102021-12-20 15:52:33.674root 11241100x8000000000000000750371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d5c39f73c1a8642021-12-20 15:52:33.675root 11241100x8000000000000000750372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab4ab766fd74b32021-12-20 15:52:33.675root 11241100x8000000000000000750373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6485aafae54089162021-12-20 15:52:33.675root 11241100x8000000000000000750374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3150be2d89adf22021-12-20 15:52:33.675root 11241100x8000000000000000750375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b185f60830b92e852021-12-20 15:52:33.675root 11241100x8000000000000000750376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17dcbecfe3febef2021-12-20 15:52:33.675root 11241100x8000000000000000750377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250e270490df7e92021-12-20 15:52:34.174root 11241100x8000000000000000750378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2f73a25057cc42021-12-20 15:52:34.174root 11241100x8000000000000000750379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ecb394e1c7c4ab2021-12-20 15:52:34.174root 11241100x8000000000000000750380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484d0ade15900cc92021-12-20 15:52:34.174root 11241100x8000000000000000750381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c65be30d0fc70c22021-12-20 15:52:34.174root 11241100x8000000000000000750382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30daebc910102e5d2021-12-20 15:52:34.174root 11241100x8000000000000000750383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273204f164922652021-12-20 15:52:34.174root 11241100x8000000000000000750384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59535de8d35254df2021-12-20 15:52:34.175root 11241100x8000000000000000750385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca958665247503d2021-12-20 15:52:34.175root 11241100x8000000000000000750386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03872569cd1889b82021-12-20 15:52:34.175root 11241100x8000000000000000750387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0824d41471d963822021-12-20 15:52:34.175root 11241100x8000000000000000750388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8a4fcc0c9f83092021-12-20 15:52:34.175root 11241100x8000000000000000750389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3f18424da9a7ea2021-12-20 15:52:34.674root 11241100x8000000000000000750390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf442575c69ab42021-12-20 15:52:34.674root 11241100x8000000000000000750391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b068cda05c7b45272021-12-20 15:52:34.674root 11241100x8000000000000000750392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4df853d0237ec32021-12-20 15:52:34.674root 11241100x8000000000000000750393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f345bfea5d589d42021-12-20 15:52:34.674root 11241100x8000000000000000750394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ec258eb03d7332021-12-20 15:52:34.675root 11241100x8000000000000000750395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47298fba9dd10d642021-12-20 15:52:34.675root 11241100x8000000000000000750396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638afa89e66c57f2021-12-20 15:52:34.675root 11241100x8000000000000000750397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd4ebc99b67eeb92021-12-20 15:52:34.675root 11241100x8000000000000000750398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229f67947cedd0ba2021-12-20 15:52:34.675root 11241100x8000000000000000750399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a3fe5af54d7de2021-12-20 15:52:34.675root 11241100x8000000000000000750400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1010378d203629e02021-12-20 15:52:34.675root 11241100x8000000000000000750401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b076c39b8334e7dd2021-12-20 15:52:35.174root 11241100x8000000000000000750402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6847fcc280ce2b842021-12-20 15:52:35.174root 11241100x8000000000000000750403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039c3ab55a6caeb2021-12-20 15:52:35.174root 11241100x8000000000000000750404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044520e170e6957c2021-12-20 15:52:35.174root 11241100x8000000000000000750405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa4909218c4a4f12021-12-20 15:52:35.175root 11241100x8000000000000000750406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482029ff93f255322021-12-20 15:52:35.175root 11241100x8000000000000000750407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d06bdff5d379b92021-12-20 15:52:35.175root 11241100x8000000000000000750408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af83b730b9be442021-12-20 15:52:35.175root 11241100x8000000000000000750409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51980928302c83cd2021-12-20 15:52:35.175root 11241100x8000000000000000750410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116c970f242046e2021-12-20 15:52:35.175root 11241100x8000000000000000750411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee8227f805993d32021-12-20 15:52:35.175root 11241100x8000000000000000750412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52869133a8abfda52021-12-20 15:52:35.175root 11241100x8000000000000000750413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f497b489bffa8e8e2021-12-20 15:52:35.674root 11241100x8000000000000000750414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653dc86dc2ec32642021-12-20 15:52:35.674root 11241100x8000000000000000750415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1742ad7804b346e62021-12-20 15:52:35.674root 11241100x8000000000000000750416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e787e2e2986002021-12-20 15:52:35.674root 11241100x8000000000000000750417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc76e7d6d10c73d2021-12-20 15:52:35.674root 11241100x8000000000000000750418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de12cca84e012a652021-12-20 15:52:35.674root 11241100x8000000000000000750419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282c3ec22239d13c2021-12-20 15:52:35.675root 11241100x8000000000000000750420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c4ac5c6cd184e02021-12-20 15:52:35.675root 11241100x8000000000000000750421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442f87f81126a8232021-12-20 15:52:35.675root 11241100x8000000000000000750422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a117adc83096bc2021-12-20 15:52:35.675root 11241100x8000000000000000750423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737d6913c8b652bb2021-12-20 15:52:35.675root 11241100x8000000000000000750424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916acfdfc0894682021-12-20 15:52:35.675root 11241100x8000000000000000750425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:52:36.069root 11241100x8000000000000000750426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed233900d7296b2021-12-20 15:52:36.071root 11241100x8000000000000000750427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85467aff009a14662021-12-20 15:52:36.071root 11241100x8000000000000000750428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2995315d0de122021-12-20 15:52:36.071root 11241100x8000000000000000750429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9213364fd01048692021-12-20 15:52:36.071root 11241100x8000000000000000750430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ea7b83f9da9fe62021-12-20 15:52:36.071root 11241100x8000000000000000750431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bf6da4b1fb872e2021-12-20 15:52:36.071root 11241100x8000000000000000750432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce69e939ca13c582021-12-20 15:52:36.071root 11241100x8000000000000000750433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa87a518af2728b32021-12-20 15:52:36.072root 11241100x8000000000000000750434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0217c4a51a73d62021-12-20 15:52:36.072root 11241100x8000000000000000750435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179c0a609eafefe32021-12-20 15:52:36.072root 11241100x8000000000000000750436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4182a5f9f00ab52021-12-20 15:52:36.072root 11241100x8000000000000000750437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9306519fb907e922021-12-20 15:52:36.073root 11241100x8000000000000000750438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d968646c5ed96022021-12-20 15:52:36.424root 11241100x8000000000000000750439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9084a6ea01d670062021-12-20 15:52:36.424root 11241100x8000000000000000750440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b84cc5972fc4b92021-12-20 15:52:36.424root 11241100x8000000000000000750441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff5ed605203cc102021-12-20 15:52:36.424root 11241100x8000000000000000750442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26729b86d1b8af932021-12-20 15:52:36.424root 11241100x8000000000000000750443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2650068aa459b9a02021-12-20 15:52:36.424root 11241100x8000000000000000750444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832574c6f65ee69d2021-12-20 15:52:36.424root 11241100x8000000000000000750445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f144c25bd333b92021-12-20 15:52:36.425root 11241100x8000000000000000750446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ac1c4fdb79c642021-12-20 15:52:36.425root 11241100x8000000000000000750447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811e5b543b1eb0022021-12-20 15:52:36.425root 11241100x8000000000000000750448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a72f97cdf36d82021-12-20 15:52:36.425root 11241100x8000000000000000750449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5207deb977ea0632021-12-20 15:52:36.425root 11241100x8000000000000000750450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25d3f88f77caeb2021-12-20 15:52:36.425root 11241100x8000000000000000750451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711bb499ed10e90d2021-12-20 15:52:36.924root 11241100x8000000000000000750452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e097e1ea1492a12021-12-20 15:52:36.924root 11241100x8000000000000000750453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3bed137f35efad2021-12-20 15:52:36.924root 11241100x8000000000000000750454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b5c706246c53d2021-12-20 15:52:36.924root 11241100x8000000000000000750455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194fd9f4a0fb14c2021-12-20 15:52:36.924root 11241100x8000000000000000750456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b533f6cea8a8152d2021-12-20 15:52:36.925root 11241100x8000000000000000750457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a3a9b49a917cc2021-12-20 15:52:36.925root 11241100x8000000000000000750458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9937baa3ac446a812021-12-20 15:52:36.925root 11241100x8000000000000000750459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2abd29947668152021-12-20 15:52:36.925root 11241100x8000000000000000750460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25216f7dbdedb2e12021-12-20 15:52:36.925root 11241100x8000000000000000750461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721b99253fe6e4e42021-12-20 15:52:36.925root 11241100x8000000000000000750462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3000969e4d3f6f52021-12-20 15:52:36.925root 11241100x8000000000000000750463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc6fbc23d02d09b2021-12-20 15:52:36.925root 11241100x8000000000000000750464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c74a199c80e7f2021-12-20 15:52:37.424root 11241100x8000000000000000750465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09048a68bf0c0e292021-12-20 15:52:37.424root 11241100x8000000000000000750466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbef3227aea7abe2021-12-20 15:52:37.424root 11241100x8000000000000000750467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f488023ffd6f9d2021-12-20 15:52:37.424root 11241100x8000000000000000750468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8660672ba7126e872021-12-20 15:52:37.425root 11241100x8000000000000000750469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ed4fafa4030c812021-12-20 15:52:37.425root 11241100x8000000000000000750470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a153d30e29b0b62021-12-20 15:52:37.426root 11241100x8000000000000000750471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704fc81d27a9dc82021-12-20 15:52:37.426root 11241100x8000000000000000750472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395791eb73db14522021-12-20 15:52:37.426root 11241100x8000000000000000750473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7107cef9d14a11e2021-12-20 15:52:37.426root 11241100x8000000000000000750474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030b7bc03e16bb062021-12-20 15:52:37.426root 11241100x8000000000000000750475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3631152d95235202021-12-20 15:52:37.426root 11241100x8000000000000000750476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacdf07b1bf2cfc12021-12-20 15:52:37.426root 11241100x8000000000000000750477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd80f71443dc91ee2021-12-20 15:52:37.924root 11241100x8000000000000000750478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d776d4cb468a52021-12-20 15:52:37.924root 11241100x8000000000000000750479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17515d281d5db98b2021-12-20 15:52:37.924root 11241100x8000000000000000750480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf9df43e31046d2021-12-20 15:52:37.924root 11241100x8000000000000000750481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5867ca0fb1bf6a602021-12-20 15:52:37.924root 11241100x8000000000000000750482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db47ac0783fa56522021-12-20 15:52:37.924root 11241100x8000000000000000750483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354176bb04b4a5742021-12-20 15:52:37.924root 11241100x8000000000000000750484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ede52077392ed2021-12-20 15:52:37.925root 11241100x8000000000000000750485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c149d36daa61b2021-12-20 15:52:37.925root 11241100x8000000000000000750486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929cecd8dfff95912021-12-20 15:52:37.925root 11241100x8000000000000000750487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b359ee3970f53c42021-12-20 15:52:37.925root 11241100x8000000000000000750488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5fb2a91722778d2021-12-20 15:52:37.925root 11241100x8000000000000000750489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71c96c1f4e3499a2021-12-20 15:52:37.925root 354300x8000000000000000750490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.177{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51312-false10.0.1.12-8000- 11241100x8000000000000000750491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c2ec76241179a2021-12-20 15:52:38.177root 11241100x8000000000000000750492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfe43c1c91f096e2021-12-20 15:52:38.178root 11241100x8000000000000000750493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c939046e16cc4642021-12-20 15:52:38.178root 11241100x8000000000000000750494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f43f1ad2915662d2021-12-20 15:52:38.178root 11241100x8000000000000000750495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a937f6d9fea97a7b2021-12-20 15:52:38.178root 11241100x8000000000000000750496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba33b3df2cdab232021-12-20 15:52:38.178root 11241100x8000000000000000750497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc470428651930ba2021-12-20 15:52:38.178root 11241100x8000000000000000750498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a308053e78ed92362021-12-20 15:52:38.179root 11241100x8000000000000000750499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea1422e257d7912021-12-20 15:52:38.179root 11241100x8000000000000000750500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb687e367f1e2402021-12-20 15:52:38.179root 11241100x8000000000000000750501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c617e35268f65b52021-12-20 15:52:38.179root 11241100x8000000000000000750502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd1a4858a234ee22021-12-20 15:52:38.179root 11241100x8000000000000000750503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469d5780b4d53882021-12-20 15:52:38.179root 11241100x8000000000000000750504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c228ac00ccd00f2021-12-20 15:52:38.179root 11241100x8000000000000000750505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cfb5766209936f2021-12-20 15:52:38.179root 11241100x8000000000000000750506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8bce46c9a4c5d72021-12-20 15:52:38.180root 11241100x8000000000000000750507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881d73e165733d4a2021-12-20 15:52:38.180root 11241100x8000000000000000750508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690277b41a7fd1f42021-12-20 15:52:38.674root 11241100x8000000000000000750509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e337bdd1b251cb2021-12-20 15:52:38.674root 11241100x8000000000000000750510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b314e6a53221bc2021-12-20 15:52:38.675root 11241100x8000000000000000750511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57a66a76319be1a2021-12-20 15:52:38.675root 11241100x8000000000000000750512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda52d65d8002ea2021-12-20 15:52:38.675root 11241100x8000000000000000750513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2375671fc37bdb2021-12-20 15:52:38.675root 11241100x8000000000000000750514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82084c68172b7d8d2021-12-20 15:52:38.675root 11241100x8000000000000000750515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909720dea035bbf2021-12-20 15:52:38.675root 11241100x8000000000000000750516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42409ea332b5a72021-12-20 15:52:38.675root 11241100x8000000000000000750517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12010c80bf7468002021-12-20 15:52:38.675root 11241100x8000000000000000750518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197ec97d50a088142021-12-20 15:52:38.675root 11241100x8000000000000000750519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd658a8b6f430c602021-12-20 15:52:38.675root 11241100x8000000000000000750520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ff98cf901d2a2f2021-12-20 15:52:38.675root 11241100x8000000000000000750521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17824bec164a69b92021-12-20 15:52:38.675root 23542300x8000000000000000750522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.071{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000750523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a023d09cd5a3aa82021-12-20 15:52:39.072root 11241100x8000000000000000750524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2e1003cd2a7ae82021-12-20 15:52:39.072root 11241100x8000000000000000750525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81e65d54f3274b2021-12-20 15:52:39.073root 11241100x8000000000000000750526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cc1207e17bc4b92021-12-20 15:52:39.073root 11241100x8000000000000000750527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffa550feb3ee0162021-12-20 15:52:39.073root 11241100x8000000000000000750528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7d421b93240002021-12-20 15:52:39.073root 11241100x8000000000000000750529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0583a01e6d9bd72021-12-20 15:52:39.073root 11241100x8000000000000000750530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb0c2eb9bd2f2dd2021-12-20 15:52:39.074root 11241100x8000000000000000750531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878d3a1ced6bd052021-12-20 15:52:39.074root 11241100x8000000000000000750532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c8921e6ada59ef2021-12-20 15:52:39.074root 11241100x8000000000000000750533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e132236b865bda2021-12-20 15:52:39.074root 11241100x8000000000000000750534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb3a55b718a70a2021-12-20 15:52:39.074root 11241100x8000000000000000750535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f252a13a85a482021-12-20 15:52:39.074root 11241100x8000000000000000750536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4409f75daf592e862021-12-20 15:52:39.074root 11241100x8000000000000000750537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a34e400ce95612021-12-20 15:52:39.075root 11241100x8000000000000000750538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203304dafe78ec42021-12-20 15:52:39.075root 11241100x8000000000000000750539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b26fdc5f622630a2021-12-20 15:52:39.424root 11241100x8000000000000000750540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055863ef2e4b4eb2021-12-20 15:52:39.424root 11241100x8000000000000000750541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df19eac26c4bca32021-12-20 15:52:39.424root 11241100x8000000000000000750542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd71c0bef1116a392021-12-20 15:52:39.424root 11241100x8000000000000000750543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e7dad08dbe4a72021-12-20 15:52:39.424root 11241100x8000000000000000750544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7e5591de03bd0f2021-12-20 15:52:39.424root 11241100x8000000000000000750545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e87b19adf5f97b22021-12-20 15:52:39.425root 11241100x8000000000000000750546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6526c929d3a4cad22021-12-20 15:52:39.425root 11241100x8000000000000000750547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a5fea704ec39982021-12-20 15:52:39.425root 11241100x8000000000000000750548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286df88c679232242021-12-20 15:52:39.425root 11241100x8000000000000000750549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0bdd58684212d12021-12-20 15:52:39.425root 11241100x8000000000000000750550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea9c9f311f6e6932021-12-20 15:52:39.425root 11241100x8000000000000000750551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9bb25ad848e17b2021-12-20 15:52:39.425root 11241100x8000000000000000750552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9273aedb16cfda22021-12-20 15:52:39.425root 11241100x8000000000000000750553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6335ab70eabb4f2021-12-20 15:52:39.425root 11241100x8000000000000000750554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc22fe3978bdb7f2021-12-20 15:52:39.924root 11241100x8000000000000000750555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4b1acacfa450a82021-12-20 15:52:39.924root 11241100x8000000000000000750556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd05e84a5ff7da2021-12-20 15:52:39.924root 11241100x8000000000000000750557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28364548078d863c2021-12-20 15:52:39.924root 11241100x8000000000000000750558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93ca54cdd4739f82021-12-20 15:52:39.925root 11241100x8000000000000000750559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931be50d88e3bff82021-12-20 15:52:39.925root 11241100x8000000000000000750560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28fc60e65e5097c2021-12-20 15:52:39.925root 11241100x8000000000000000750561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581708e35c88815c2021-12-20 15:52:39.925root 11241100x8000000000000000750562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26da41a755b93b32021-12-20 15:52:39.925root 11241100x8000000000000000750563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0818343ffc93d6082021-12-20 15:52:39.925root 11241100x8000000000000000750564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c763ee2cc41152021-12-20 15:52:39.925root 11241100x8000000000000000750565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58ad04630ff1e372021-12-20 15:52:39.925root 11241100x8000000000000000750566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba63f10dad4139462021-12-20 15:52:39.925root 11241100x8000000000000000750567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488592cc270892b82021-12-20 15:52:39.925root 11241100x8000000000000000750568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84782738377f2722021-12-20 15:52:39.926root 11241100x8000000000000000750569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6920eedad708e2be2021-12-20 15:52:40.424root 11241100x8000000000000000750570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ac51efb84edb372021-12-20 15:52:40.424root 11241100x8000000000000000750571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45b5e76ae79a3622021-12-20 15:52:40.424root 11241100x8000000000000000750572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b005ff12fb0e02021-12-20 15:52:40.424root 11241100x8000000000000000750573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4138aee475dedf2021-12-20 15:52:40.424root 11241100x8000000000000000750574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d299d494d0f1da402021-12-20 15:52:40.424root 11241100x8000000000000000750575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eefaa2c0fb23822021-12-20 15:52:40.424root 11241100x8000000000000000750576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab8d2d43464e6b82021-12-20 15:52:40.424root 11241100x8000000000000000750577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7463cf9b5660f2021-12-20 15:52:40.424root 11241100x8000000000000000750578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5424221ccc39ce2021-12-20 15:52:40.425root 11241100x8000000000000000750579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c9a3ec4b245ad2021-12-20 15:52:40.425root 11241100x8000000000000000750580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0413e1164e4fca92021-12-20 15:52:40.425root 11241100x8000000000000000750581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9b66bf28657e182021-12-20 15:52:40.425root 11241100x8000000000000000750582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c420c827cfa2bed2021-12-20 15:52:40.425root 11241100x8000000000000000750583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba7be74bcd369cf2021-12-20 15:52:40.425root 11241100x8000000000000000750584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda9525b3c088ca2021-12-20 15:52:40.924root 11241100x8000000000000000750585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c58c7d5e33ca7542021-12-20 15:52:40.924root 11241100x8000000000000000750586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7a11bae59893452021-12-20 15:52:40.924root 11241100x8000000000000000750587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b3ee30cccb8ee2021-12-20 15:52:40.925root 11241100x8000000000000000750588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483e47f6130f943e2021-12-20 15:52:40.925root 11241100x8000000000000000750589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42352c74fa4ec5af2021-12-20 15:52:40.925root 11241100x8000000000000000750590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73488728f7c25a522021-12-20 15:52:40.925root 11241100x8000000000000000750591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1e23c05ab2662c2021-12-20 15:52:40.925root 11241100x8000000000000000750592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed4d754942866552021-12-20 15:52:40.925root 11241100x8000000000000000750593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb7322d695544e2021-12-20 15:52:40.925root 11241100x8000000000000000750594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d85e08f56f4c72021-12-20 15:52:40.925root 11241100x8000000000000000750595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089f5bf84b67811a2021-12-20 15:52:40.925root 11241100x8000000000000000750596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b425837686f0582021-12-20 15:52:40.925root 11241100x8000000000000000750597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b9ebeb0386d002021-12-20 15:52:40.925root 11241100x8000000000000000750598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7eb03ca9dcae962021-12-20 15:52:40.925root 11241100x8000000000000000750599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470066569a1a91c2021-12-20 15:52:41.424root 11241100x8000000000000000750600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9563a48737feb5952021-12-20 15:52:41.424root 11241100x8000000000000000750601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137b64066e320482021-12-20 15:52:41.424root 11241100x8000000000000000750602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742039b9945262d32021-12-20 15:52:41.424root 11241100x8000000000000000750603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3759a05188b337a82021-12-20 15:52:41.424root 11241100x8000000000000000750604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afdf3d658db4ef32021-12-20 15:52:41.425root 11241100x8000000000000000750605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d18fee5668a802021-12-20 15:52:41.425root 11241100x8000000000000000750606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfb4bc75cfe1a7f2021-12-20 15:52:41.425root 11241100x8000000000000000750607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0f623c3acadcb32021-12-20 15:52:41.425root 11241100x8000000000000000750608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b68aab93a0f8432021-12-20 15:52:41.425root 11241100x8000000000000000750609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba0ea73e4ec846e2021-12-20 15:52:41.425root 11241100x8000000000000000750610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0797bcff623a91492021-12-20 15:52:41.425root 11241100x8000000000000000750611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4898b3eb2b12662021-12-20 15:52:41.425root 11241100x8000000000000000750612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ec63c526b24ab2021-12-20 15:52:41.425root 11241100x8000000000000000750613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64b96ad9e580d192021-12-20 15:52:41.425root 11241100x8000000000000000750614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce4f77cadf7dca52021-12-20 15:52:41.924root 11241100x8000000000000000750615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d16f7ef12a84812021-12-20 15:52:41.924root 11241100x8000000000000000750616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad9bade4f64d2a2021-12-20 15:52:41.924root 11241100x8000000000000000750617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aa1ff43486c1232021-12-20 15:52:41.924root 11241100x8000000000000000750618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe704f2d93588faf2021-12-20 15:52:41.925root 11241100x8000000000000000750619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9630162e84896fb22021-12-20 15:52:41.925root 11241100x8000000000000000750620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdf02206fcbc35f2021-12-20 15:52:41.925root 11241100x8000000000000000750621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a267d1bdeded1c272021-12-20 15:52:41.925root 11241100x8000000000000000750622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd959e78f8d90b82021-12-20 15:52:41.925root 11241100x8000000000000000750623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196f5ea3ea452a4e2021-12-20 15:52:41.925root 11241100x8000000000000000750624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0833a2a767225a542021-12-20 15:52:41.925root 11241100x8000000000000000750625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458bcd030d7cfa232021-12-20 15:52:41.925root 11241100x8000000000000000750626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192fd920d0bdfa122021-12-20 15:52:41.925root 11241100x8000000000000000750627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bc3ecb369621822021-12-20 15:52:41.925root 11241100x8000000000000000750628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa8cd58f893f9632021-12-20 15:52:41.925root 11241100x8000000000000000750629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406e33d4473002f32021-12-20 15:52:42.424root 11241100x8000000000000000750630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1b7c5d5755959d2021-12-20 15:52:42.424root 11241100x8000000000000000750631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f58f87513d3f072021-12-20 15:52:42.424root 11241100x8000000000000000750632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3241535f273c49d32021-12-20 15:52:42.424root 11241100x8000000000000000750633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d673dd3db969653c2021-12-20 15:52:42.425root 11241100x8000000000000000750634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621c5b627ed33662021-12-20 15:52:42.425root 11241100x8000000000000000750635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb920bf58af43d8a2021-12-20 15:52:42.425root 11241100x8000000000000000750636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467aff1604c98812021-12-20 15:52:42.425root 11241100x8000000000000000750637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de8e0a4b581a132021-12-20 15:52:42.425root 11241100x8000000000000000750638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906cb667ada14bc2021-12-20 15:52:42.425root 11241100x8000000000000000750639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e0100fb7e2ba382021-12-20 15:52:42.425root 11241100x8000000000000000750640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8d7d5dd8e9a622021-12-20 15:52:42.425root 11241100x8000000000000000750641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d7dd5da6e8ed82021-12-20 15:52:42.425root 11241100x8000000000000000750642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4f6945b3d55b62021-12-20 15:52:42.425root 11241100x8000000000000000750643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f43411061482c2021-12-20 15:52:42.425root 11241100x8000000000000000750644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d19936499323ca12021-12-20 15:52:42.925root 11241100x8000000000000000750645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1790f1d69ff4109c2021-12-20 15:52:42.925root 11241100x8000000000000000750646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f2cd172a2d3df2021-12-20 15:52:42.925root 11241100x8000000000000000750647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09650500620725ae2021-12-20 15:52:42.925root 11241100x8000000000000000750648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317f43ecbaf0adec2021-12-20 15:52:42.925root 11241100x8000000000000000750649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd654d99fcd608fe2021-12-20 15:52:42.925root 11241100x8000000000000000750650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb5f0ca93a13852021-12-20 15:52:42.925root 11241100x8000000000000000750651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31309de8a34937fe2021-12-20 15:52:42.925root 11241100x8000000000000000750652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e8b776dab58182021-12-20 15:52:42.925root 11241100x8000000000000000750653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074473740f89ae42021-12-20 15:52:42.926root 11241100x8000000000000000750654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4fe36f1dd914d22021-12-20 15:52:42.926root 11241100x8000000000000000750655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f405bfcc4c417032021-12-20 15:52:42.926root 11241100x8000000000000000750656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51027d87bf1735022021-12-20 15:52:42.926root 11241100x8000000000000000750657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704ff9f829efd4ce2021-12-20 15:52:42.926root 11241100x8000000000000000750658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c8d8e30c8721e2021-12-20 15:52:42.927root 11241100x8000000000000000750659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2597e1789f32c02021-12-20 15:52:43.424root 11241100x8000000000000000750660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512557afc00bb00b2021-12-20 15:52:43.424root 11241100x8000000000000000750661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4683a3588c58fa262021-12-20 15:52:43.424root 11241100x8000000000000000750662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f28d52157312562021-12-20 15:52:43.424root 11241100x8000000000000000750663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8782de6b562352f92021-12-20 15:52:43.424root 11241100x8000000000000000750664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8661d713df40d2021-12-20 15:52:43.424root 11241100x8000000000000000750665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469732e24d4d141d2021-12-20 15:52:43.424root 11241100x8000000000000000750666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae927901c403e50c2021-12-20 15:52:43.424root 11241100x8000000000000000750667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f22b6d9646a152021-12-20 15:52:43.425root 11241100x8000000000000000750668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acd91fd4afed2662021-12-20 15:52:43.425root 11241100x8000000000000000750669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383f6ae5268e88a2021-12-20 15:52:43.425root 11241100x8000000000000000750670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbaf4cece388e8b2021-12-20 15:52:43.425root 11241100x8000000000000000750671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70da06bb8f6aca1f2021-12-20 15:52:43.425root 11241100x8000000000000000750672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d9ac9abe2f5c522021-12-20 15:52:43.425root 11241100x8000000000000000750673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73cfbf4100ac5b92021-12-20 15:52:43.425root 11241100x8000000000000000750674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20a7c309958f312021-12-20 15:52:43.924root 11241100x8000000000000000750675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db7fb0a7e123aaf2021-12-20 15:52:43.924root 11241100x8000000000000000750676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba70f606d1d3637e2021-12-20 15:52:43.924root 11241100x8000000000000000750677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8afd7818a3bf20a2021-12-20 15:52:43.924root 11241100x8000000000000000750678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf295ff8aff6b62021-12-20 15:52:43.925root 11241100x8000000000000000750679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3765884a7b80222021-12-20 15:52:43.925root 11241100x8000000000000000750680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0a07b42babf6982021-12-20 15:52:43.925root 11241100x8000000000000000750681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6eebae1cce47a2021-12-20 15:52:43.925root 11241100x8000000000000000750682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f99f5da6c1e05e92021-12-20 15:52:43.925root 11241100x8000000000000000750683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677ac1f3aff5129d2021-12-20 15:52:43.925root 11241100x8000000000000000750684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706554b88db880e2021-12-20 15:52:43.925root 11241100x8000000000000000750685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1de14a80c1c402021-12-20 15:52:43.925root 11241100x8000000000000000750686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ee861cca8c003f2021-12-20 15:52:43.925root 11241100x8000000000000000750687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6063d6b3a8cb232021-12-20 15:52:43.925root 11241100x8000000000000000750688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac24c7abd4843abd2021-12-20 15:52:43.926root 354300x8000000000000000750689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.162{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51314-false10.0.1.12-8000- 11241100x8000000000000000750690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0abf4d4cf529b0d2021-12-20 15:52:44.424root 11241100x8000000000000000750691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2681ddfcd7d0b62021-12-20 15:52:44.424root 11241100x8000000000000000750692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cbb76ca849bac2021-12-20 15:52:44.424root 11241100x8000000000000000750693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc41a35b63a94652021-12-20 15:52:44.425root 11241100x8000000000000000750694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17397a941bfeba12021-12-20 15:52:44.425root 11241100x8000000000000000750695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d0741235a882e2021-12-20 15:52:44.425root 11241100x8000000000000000750696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a646a917f28a6df2021-12-20 15:52:44.425root 11241100x8000000000000000750697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bdae7b45ed07ec2021-12-20 15:52:44.425root 11241100x8000000000000000750698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c91016d14d275402021-12-20 15:52:44.425root 11241100x8000000000000000750699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a756cee374fdf1b2021-12-20 15:52:44.425root 11241100x8000000000000000750700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f774536ab38955622021-12-20 15:52:44.425root 11241100x8000000000000000750701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f04102788c3272021-12-20 15:52:44.425root 11241100x8000000000000000750702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ed6d3e6d546ec2021-12-20 15:52:44.425root 11241100x8000000000000000750703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8dddd7dd20fa802021-12-20 15:52:44.425root 11241100x8000000000000000750704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592bdbb61477dfb12021-12-20 15:52:44.425root 11241100x8000000000000000750705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5206f8f6db9b82c82021-12-20 15:52:44.425root 11241100x8000000000000000750706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12a3ec6e32cd8ed2021-12-20 15:52:44.924root 11241100x8000000000000000750707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb415fb5167bcaf2021-12-20 15:52:44.924root 11241100x8000000000000000750708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46f2c412c3f214d2021-12-20 15:52:44.924root 11241100x8000000000000000750709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4585a17f7c78c72021-12-20 15:52:44.924root 11241100x8000000000000000750710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5313efca4e619da02021-12-20 15:52:44.925root 11241100x8000000000000000750711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423cfb3a548d77a32021-12-20 15:52:44.925root 11241100x8000000000000000750712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf0a6736e587bf12021-12-20 15:52:44.925root 11241100x8000000000000000750713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f00cdf4551cc352021-12-20 15:52:44.925root 11241100x8000000000000000750714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08aab7152bece072021-12-20 15:52:44.925root 11241100x8000000000000000750715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729392efd5e60f0b2021-12-20 15:52:44.925root 11241100x8000000000000000750716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff17df61a7d4c0332021-12-20 15:52:44.925root 11241100x8000000000000000750717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4d8d44c57467a62021-12-20 15:52:44.925root 11241100x8000000000000000750718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be15a2ac7ac7052021-12-20 15:52:44.925root 11241100x8000000000000000750719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d2524c464de7032021-12-20 15:52:44.925root 11241100x8000000000000000750720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47e972fcdc3338a2021-12-20 15:52:44.925root 11241100x8000000000000000750721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3a29be40b37d992021-12-20 15:52:44.925root 11241100x8000000000000000750722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd04e9b16a4a1e62021-12-20 15:52:45.424root 11241100x8000000000000000750723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e6e5d42ae21fc2021-12-20 15:52:45.424root 11241100x8000000000000000750724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e902470e47b7f22021-12-20 15:52:45.424root 11241100x8000000000000000750725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29836188c4b7b72021-12-20 15:52:45.425root 11241100x8000000000000000750726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2572d3ded7ca8d72021-12-20 15:52:45.425root 11241100x8000000000000000750727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a2d1f3dd2579132021-12-20 15:52:45.425root 11241100x8000000000000000750728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6c14eb4093e6fc2021-12-20 15:52:45.425root 11241100x8000000000000000750729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0684b1469c4a3fb2021-12-20 15:52:45.425root 11241100x8000000000000000750730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34ed6d5658db8152021-12-20 15:52:45.425root 11241100x8000000000000000750731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc871a3690fb842021-12-20 15:52:45.425root 11241100x8000000000000000750732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da35d23adfc478242021-12-20 15:52:45.425root 11241100x8000000000000000750733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857dfe06574c0ace2021-12-20 15:52:45.425root 11241100x8000000000000000750734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4850395dd4d868862021-12-20 15:52:45.425root 11241100x8000000000000000750735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf8a0e2e2912ac2021-12-20 15:52:45.425root 11241100x8000000000000000750736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401f137f0163efa32021-12-20 15:52:45.425root 11241100x8000000000000000750737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c960dd5362e6852021-12-20 15:52:45.425root 11241100x8000000000000000750738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579dccc65cbf1252021-12-20 15:52:45.924root 11241100x8000000000000000750739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97acb218d271d602021-12-20 15:52:45.924root 11241100x8000000000000000750740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf57bddc0e10532021-12-20 15:52:45.924root 11241100x8000000000000000750741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36df5ef814d5742021-12-20 15:52:45.924root 11241100x8000000000000000750742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69899e54364373e02021-12-20 15:52:45.925root 11241100x8000000000000000750743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f0fa1ff2f1ee22021-12-20 15:52:45.925root 11241100x8000000000000000750744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67212e9a4b3b4f92021-12-20 15:52:45.925root 11241100x8000000000000000750745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb0543e39535db2021-12-20 15:52:45.925root 11241100x8000000000000000750746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c824b2cc30652d2021-12-20 15:52:45.925root 11241100x8000000000000000750747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfd249966486d32021-12-20 15:52:45.925root 11241100x8000000000000000750748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234cbbe61d5d46262021-12-20 15:52:45.925root 11241100x8000000000000000750749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693618c6eb99a722021-12-20 15:52:45.925root 11241100x8000000000000000750750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd742f71a2617a2021-12-20 15:52:45.925root 11241100x8000000000000000750751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1745ca04d6a6342021-12-20 15:52:45.925root 11241100x8000000000000000750752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c781dd82862b12021-12-20 15:52:45.925root 11241100x8000000000000000750753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f581f7a18342f652021-12-20 15:52:45.926root 11241100x8000000000000000750754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664530a1dd15a8042021-12-20 15:52:46.424root 11241100x8000000000000000750755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d451465d7750e8b2021-12-20 15:52:46.424root 11241100x8000000000000000750756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ebc99d6f04c2052021-12-20 15:52:46.424root 11241100x8000000000000000750757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7282ae152b3f20e32021-12-20 15:52:46.424root 11241100x8000000000000000750758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43989f05e24e98c32021-12-20 15:52:46.425root 11241100x8000000000000000750759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1010cb12b6ad932021-12-20 15:52:46.425root 11241100x8000000000000000750760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e124c8e6b0b4182021-12-20 15:52:46.425root 11241100x8000000000000000750761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3a0c2d21c767602021-12-20 15:52:46.425root 11241100x8000000000000000750762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18eefe67bee15972021-12-20 15:52:46.425root 11241100x8000000000000000750763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2599134141909c42021-12-20 15:52:46.425root 11241100x8000000000000000750764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a1b141b57919ae2021-12-20 15:52:46.425root 11241100x8000000000000000750765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f026ad8d1285f4102021-12-20 15:52:46.425root 11241100x8000000000000000750766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ad77387ee54a242021-12-20 15:52:46.425root 11241100x8000000000000000750767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645ac9c3d9d1767f2021-12-20 15:52:46.425root 11241100x8000000000000000750768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be62b7bb15dc38af2021-12-20 15:52:46.425root 11241100x8000000000000000750769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d299b969e24cbf2021-12-20 15:52:46.425root 11241100x8000000000000000750770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82acceed6ba615612021-12-20 15:52:46.924root 11241100x8000000000000000750771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e43e80c674075822021-12-20 15:52:46.924root 11241100x8000000000000000750772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf783e38638eced02021-12-20 15:52:46.924root 11241100x8000000000000000750773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5effa3dbe75e0a042021-12-20 15:52:46.925root 11241100x8000000000000000750774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db342c3a62383e82021-12-20 15:52:46.925root 11241100x8000000000000000750775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5703c4a9d816d22021-12-20 15:52:46.925root 11241100x8000000000000000750776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8102a9724f617e92021-12-20 15:52:46.925root 11241100x8000000000000000750777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47d1321690c5182021-12-20 15:52:46.925root 11241100x8000000000000000750778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf4b65953e1d072021-12-20 15:52:46.925root 11241100x8000000000000000750779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342e9f76ad138c92021-12-20 15:52:46.925root 11241100x8000000000000000750780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c7d4c3b5c4b1152021-12-20 15:52:46.925root 11241100x8000000000000000750781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699fe9c47e0fbcf2021-12-20 15:52:46.925root 11241100x8000000000000000750782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804fad32dc3bf5d2021-12-20 15:52:46.925root 11241100x8000000000000000750783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c13a01ed57d08e2021-12-20 15:52:46.925root 11241100x8000000000000000750784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df51e47607d7f70b2021-12-20 15:52:46.925root 11241100x8000000000000000750785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6019652b42fb892021-12-20 15:52:46.925root 11241100x8000000000000000750786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884166b05bb40da2021-12-20 15:52:47.424root 11241100x8000000000000000750787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177e7dc395a3c232021-12-20 15:52:47.424root 11241100x8000000000000000750788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd67b7e8e67e0952021-12-20 15:52:47.424root 11241100x8000000000000000750789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c33c9b32586372021-12-20 15:52:47.425root 11241100x8000000000000000750790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438b47ccc3432cd2021-12-20 15:52:47.425root 11241100x8000000000000000750791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdaecdbb21974c12021-12-20 15:52:47.425root 11241100x8000000000000000750792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b4e9db6aa4c5012021-12-20 15:52:47.425root 11241100x8000000000000000750793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75ef95b58f7f462021-12-20 15:52:47.425root 11241100x8000000000000000750794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6f79b4abdbc27d2021-12-20 15:52:47.425root 11241100x8000000000000000750795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d488cfa6845642c2021-12-20 15:52:47.425root 11241100x8000000000000000750796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec66533c0ac97f2021-12-20 15:52:47.426root 11241100x8000000000000000750797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325c2ef6a3c61a072021-12-20 15:52:47.426root 11241100x8000000000000000750798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bf37270f9659b2021-12-20 15:52:47.426root 11241100x8000000000000000750799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739aa41123b8f82a2021-12-20 15:52:47.426root 11241100x8000000000000000750800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf424151b313dda92021-12-20 15:52:47.426root 11241100x8000000000000000750801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ee4fc3e37275d2021-12-20 15:52:47.426root 11241100x8000000000000000750802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8abdb29eece8e82021-12-20 15:52:47.924root 11241100x8000000000000000750803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28ab7dc997110342021-12-20 15:52:47.924root 11241100x8000000000000000750804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d652faef2dcae42021-12-20 15:52:47.924root 11241100x8000000000000000750805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3e63753ec27c2b2021-12-20 15:52:47.924root 11241100x8000000000000000750806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debad9fac17919c82021-12-20 15:52:47.925root 11241100x8000000000000000750807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492eed5f088999fb2021-12-20 15:52:47.925root 11241100x8000000000000000750808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeeca1fca1737a62021-12-20 15:52:47.925root 11241100x8000000000000000750809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7069eacf5a9b32021-12-20 15:52:47.925root 11241100x8000000000000000750810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1213e13dd466d82021-12-20 15:52:47.925root 11241100x8000000000000000750811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d77be2318d6a12021-12-20 15:52:47.925root 11241100x8000000000000000750812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673f498ad0c2d1b12021-12-20 15:52:47.925root 11241100x8000000000000000750813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd30e8fa73d03282021-12-20 15:52:47.925root 11241100x8000000000000000750814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d77e54710e069d2021-12-20 15:52:47.925root 11241100x8000000000000000750815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b2e2c1c3ae35a2021-12-20 15:52:47.925root 11241100x8000000000000000750816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4cff0d8582e9722021-12-20 15:52:47.925root 11241100x8000000000000000750817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5576372da48810fd2021-12-20 15:52:47.925root 11241100x8000000000000000750818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350fdb09985bbe22021-12-20 15:52:48.424root 11241100x8000000000000000750819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766bcdbd65609d42021-12-20 15:52:48.424root 11241100x8000000000000000750820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d273866a86d7822021-12-20 15:52:48.424root 11241100x8000000000000000750821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104b3451c1988d42021-12-20 15:52:48.424root 11241100x8000000000000000750822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f6806a0d072352021-12-20 15:52:48.424root 11241100x8000000000000000750823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e96213f37cad202021-12-20 15:52:48.424root 11241100x8000000000000000750824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa864c20ee6a20d2021-12-20 15:52:48.425root 11241100x8000000000000000750825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c479ded69c81322021-12-20 15:52:48.425root 11241100x8000000000000000750826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3662d38924d3c2021-12-20 15:52:48.425root 11241100x8000000000000000750827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440702ebbd16a3402021-12-20 15:52:48.425root 11241100x8000000000000000750828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296e3db6e773fae82021-12-20 15:52:48.425root 11241100x8000000000000000750829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a049306ebbd232021-12-20 15:52:48.425root 11241100x8000000000000000750830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e385695e36d5af2021-12-20 15:52:48.425root 11241100x8000000000000000750831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c5dafa6fa612a32021-12-20 15:52:48.425root 11241100x8000000000000000750832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd41b8fd8fb7ea82021-12-20 15:52:48.425root 11241100x8000000000000000750833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb634b0c4f20f9982021-12-20 15:52:48.425root 11241100x8000000000000000750834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352280e73f4068322021-12-20 15:52:48.924root 11241100x8000000000000000750835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131fe4947d66f9bf2021-12-20 15:52:48.924root 11241100x8000000000000000750836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047edaf3e99885a42021-12-20 15:52:48.924root 11241100x8000000000000000750837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e229fea5064c0732021-12-20 15:52:48.924root 11241100x8000000000000000750838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014b64f031d06e22021-12-20 15:52:48.924root 11241100x8000000000000000750839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6daf6d703ab8142021-12-20 15:52:48.925root 11241100x8000000000000000750840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bbb5054819ccc2021-12-20 15:52:48.925root 11241100x8000000000000000750841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2112774f86b11162021-12-20 15:52:48.925root 11241100x8000000000000000750842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd8ad212ca2075b2021-12-20 15:52:48.925root 11241100x8000000000000000750843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e35a5d4cb03a80d2021-12-20 15:52:48.925root 11241100x8000000000000000750844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed908a17f58f5692021-12-20 15:52:48.925root 11241100x8000000000000000750845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc6d73024ac913d2021-12-20 15:52:48.925root 11241100x8000000000000000750846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e7ec4130813cd2021-12-20 15:52:48.925root 11241100x8000000000000000750847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d85a7203317f322021-12-20 15:52:48.925root 11241100x8000000000000000750848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942774f69a1bd1902021-12-20 15:52:48.925root 11241100x8000000000000000750849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991373e9db329d092021-12-20 15:52:48.926root 11241100x8000000000000000750850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c523a338539d3b2021-12-20 15:52:49.424root 11241100x8000000000000000750851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dad0362e36f7cc02021-12-20 15:52:49.424root 11241100x8000000000000000750852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360c49ecb8f06622021-12-20 15:52:49.424root 11241100x8000000000000000750853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8b1dc35de215d2021-12-20 15:52:49.425root 11241100x8000000000000000750854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4db2c71dd904ea2021-12-20 15:52:49.425root 11241100x8000000000000000750855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986093f1f4ceb132021-12-20 15:52:49.425root 11241100x8000000000000000750856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eceacbe8dd138b2021-12-20 15:52:49.425root 11241100x8000000000000000750857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbcdf8dabd209862021-12-20 15:52:49.425root 11241100x8000000000000000750858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a96c0fe9bcabf2021-12-20 15:52:49.425root 11241100x8000000000000000750859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744a7accf545f46b2021-12-20 15:52:49.425root 11241100x8000000000000000750860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5544106b45bba9b92021-12-20 15:52:49.425root 11241100x8000000000000000750861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175de1aa9ac737b2021-12-20 15:52:49.426root 11241100x8000000000000000750862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56211225963bc18b2021-12-20 15:52:49.426root 11241100x8000000000000000750863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bfccb9887cf2632021-12-20 15:52:49.426root 11241100x8000000000000000750864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58aed591d301be32021-12-20 15:52:49.426root 11241100x8000000000000000750865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7965045b3dce532021-12-20 15:52:49.426root 11241100x8000000000000000750866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e9e6575ba1bcb2021-12-20 15:52:49.924root 11241100x8000000000000000750867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b1d926433a0582021-12-20 15:52:49.924root 11241100x8000000000000000750868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427b84737a1843db2021-12-20 15:52:49.924root 11241100x8000000000000000750869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89583ecdf3b86c2021-12-20 15:52:49.924root 11241100x8000000000000000750870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d592d00996e3502021-12-20 15:52:49.925root 11241100x8000000000000000750871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f222b1e15a7646c2021-12-20 15:52:49.925root 11241100x8000000000000000750872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc04a7df0d0068c2021-12-20 15:52:49.925root 11241100x8000000000000000750873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db74bfc5678df4302021-12-20 15:52:49.925root 11241100x8000000000000000750874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db84413200030a9a2021-12-20 15:52:49.925root 11241100x8000000000000000750875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257435396b9c3aff2021-12-20 15:52:49.925root 11241100x8000000000000000750876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0bb441045c34642021-12-20 15:52:49.925root 11241100x8000000000000000750877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9498fdb97f5fde2021-12-20 15:52:49.925root 11241100x8000000000000000750878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdae30a7c2d78732021-12-20 15:52:49.926root 11241100x8000000000000000750879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e85c761f794f8e2021-12-20 15:52:49.926root 11241100x8000000000000000750880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e7fd4feaabf5312021-12-20 15:52:49.926root 11241100x8000000000000000750881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd0ad41f2b8d13e2021-12-20 15:52:49.926root 354300x8000000000000000750882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.124{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51316-false10.0.1.12-8000- 11241100x8000000000000000750883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5072ea14bfe9382021-12-20 15:52:50.424root 11241100x8000000000000000750884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60b22eb6d509f22021-12-20 15:52:50.424root 11241100x8000000000000000750885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eaaba8a041bbfe2021-12-20 15:52:50.424root 11241100x8000000000000000750886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef50c6d8d36ce7c2021-12-20 15:52:50.424root 11241100x8000000000000000750887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166451c9f63f4ca2021-12-20 15:52:50.424root 11241100x8000000000000000750888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e33dffe8b2fe8f2021-12-20 15:52:50.424root 11241100x8000000000000000750889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070086a46bd276a12021-12-20 15:52:50.424root 11241100x8000000000000000750890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32654141911370c72021-12-20 15:52:50.425root 11241100x8000000000000000750891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df81b5697baa2e052021-12-20 15:52:50.425root 11241100x8000000000000000750892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc69a72ceef3f372021-12-20 15:52:50.425root 11241100x8000000000000000750893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdec74f70bc63a2c2021-12-20 15:52:50.425root 11241100x8000000000000000750894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eecff55c8435482021-12-20 15:52:50.425root 11241100x8000000000000000750895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d22d01e3992b92021-12-20 15:52:50.425root 11241100x8000000000000000750896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0284234e3d91edc2021-12-20 15:52:50.425root 11241100x8000000000000000750897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f020bd10dbee9582021-12-20 15:52:50.425root 11241100x8000000000000000750898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3447fb5896bc0d0c2021-12-20 15:52:50.425root 11241100x8000000000000000750899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8b1c8adb81f672021-12-20 15:52:50.425root 11241100x8000000000000000750900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb4130df9a9d522021-12-20 15:52:50.924root 11241100x8000000000000000750901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7717dd737da59a642021-12-20 15:52:50.924root 11241100x8000000000000000750902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd86776e04728802021-12-20 15:52:50.924root 11241100x8000000000000000750903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87e84d700abfa422021-12-20 15:52:50.924root 11241100x8000000000000000750904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b84e68102f2bee2021-12-20 15:52:50.925root 11241100x8000000000000000750905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0de03491a9cfb52021-12-20 15:52:50.925root 11241100x8000000000000000750906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8b57e075e0c26f2021-12-20 15:52:50.925root 11241100x8000000000000000750907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498210b22d1009a12021-12-20 15:52:50.925root 11241100x8000000000000000750908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b43e9a39e73e2cc2021-12-20 15:52:50.925root 11241100x8000000000000000750909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7ea22f648667d82021-12-20 15:52:50.925root 11241100x8000000000000000750910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8385e9d58cfdc302021-12-20 15:52:50.926root 11241100x8000000000000000750911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d7884ab7250fc2021-12-20 15:52:50.926root 11241100x8000000000000000750912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086e415d7da46e22021-12-20 15:52:50.926root 11241100x8000000000000000750913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138011a688983fff2021-12-20 15:52:50.926root 11241100x8000000000000000750914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542241ae57008ca22021-12-20 15:52:50.926root 11241100x8000000000000000750915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1f5754e655ad82021-12-20 15:52:50.926root 11241100x8000000000000000750916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a024fe86fd1865b2021-12-20 15:52:50.927root 11241100x8000000000000000750917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404ada36221afa02021-12-20 15:52:51.424root 11241100x8000000000000000750918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e866014ff67e01c2021-12-20 15:52:51.424root 11241100x8000000000000000750919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f939f6acd1af252021-12-20 15:52:51.424root 11241100x8000000000000000750920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc89dbbf1a23352021-12-20 15:52:51.424root 11241100x8000000000000000750921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dab4b9b71c80192021-12-20 15:52:51.425root 11241100x8000000000000000750922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf358a2b36ef28b42021-12-20 15:52:51.425root 11241100x8000000000000000750923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e78a80f0f23812021-12-20 15:52:51.425root 11241100x8000000000000000750924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e01a73c28cc9a2021-12-20 15:52:51.425root 11241100x8000000000000000750925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1be9e95918a32f2021-12-20 15:52:51.425root 11241100x8000000000000000750926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1200241e5091edd2021-12-20 15:52:51.425root 11241100x8000000000000000750927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cee23e14a95ad212021-12-20 15:52:51.425root 11241100x8000000000000000750928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc7dda3287d1a932021-12-20 15:52:51.425root 11241100x8000000000000000750929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b2472b5b4492f12021-12-20 15:52:51.425root 11241100x8000000000000000750930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45072fb6e42fa802021-12-20 15:52:51.425root 11241100x8000000000000000750931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03584e33f3bf92ac2021-12-20 15:52:51.425root 11241100x8000000000000000750932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c06417810915692021-12-20 15:52:51.425root 11241100x8000000000000000750933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f6d33b411d1612021-12-20 15:52:51.425root 11241100x8000000000000000750934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee82bec2a1ebbb9f2021-12-20 15:52:51.924root 11241100x8000000000000000750935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6238aa28bcc9d3f52021-12-20 15:52:51.924root 11241100x8000000000000000750936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9deaac456857a0a42021-12-20 15:52:51.924root 11241100x8000000000000000750937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e75b48e41fe0eb2021-12-20 15:52:51.924root 11241100x8000000000000000750938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e9410a9f109582021-12-20 15:52:51.924root 11241100x8000000000000000750939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652c6c831a315b82021-12-20 15:52:51.924root 11241100x8000000000000000750940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31a26b0453f5542021-12-20 15:52:51.924root 11241100x8000000000000000750941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8b31e8750b0edd2021-12-20 15:52:51.925root 11241100x8000000000000000750942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06cb88f0f82655e2021-12-20 15:52:51.925root 11241100x8000000000000000750943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13dc3c9829c99862021-12-20 15:52:51.925root 11241100x8000000000000000750944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1fe743898a504a2021-12-20 15:52:51.925root 11241100x8000000000000000750945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738504a868f7917f2021-12-20 15:52:51.925root 11241100x8000000000000000750946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0986a0ec413555962021-12-20 15:52:51.925root 11241100x8000000000000000750947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974aaf72ef28f0fa2021-12-20 15:52:51.925root 11241100x8000000000000000750948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a55c1d572cd01252021-12-20 15:52:51.925root 11241100x8000000000000000750949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c247d9bf80a9a2021-12-20 15:52:51.925root 11241100x8000000000000000750950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f492b46324c08ff52021-12-20 15:52:51.925root 11241100x8000000000000000750951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a39a6b829c671d2021-12-20 15:52:51.925root 11241100x8000000000000000750952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d02b00c26dcd7e2021-12-20 15:52:52.424root 11241100x8000000000000000750953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6153259ad3a51f722021-12-20 15:52:52.424root 11241100x8000000000000000750954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa1d1fbdcdf3d7e2021-12-20 15:52:52.424root 11241100x8000000000000000750955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d12a3a1249ec022021-12-20 15:52:52.424root 11241100x8000000000000000750956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65091b2094c2add42021-12-20 15:52:52.424root 11241100x8000000000000000750957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a281fcae1108432021-12-20 15:52:52.424root 11241100x8000000000000000750958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6381921d7aa816292021-12-20 15:52:52.424root 11241100x8000000000000000750959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b91250cdb757112021-12-20 15:52:52.424root 11241100x8000000000000000750960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5be8ff34bed43f62021-12-20 15:52:52.424root 11241100x8000000000000000750961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3cbeba7d173e1a2021-12-20 15:52:52.425root 11241100x8000000000000000750962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd3ed291f0110c62021-12-20 15:52:52.425root 11241100x8000000000000000750963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725591317f022a022021-12-20 15:52:52.425root 11241100x8000000000000000750964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb8c98d0dc8975e2021-12-20 15:52:52.425root 11241100x8000000000000000750965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24f5960b7021cc2021-12-20 15:52:52.425root 11241100x8000000000000000750966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac73ebaf357e60a2021-12-20 15:52:52.425root 11241100x8000000000000000750967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c42fc3a7fd85f2021-12-20 15:52:52.425root 11241100x8000000000000000750968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb0ac8041e79e062021-12-20 15:52:52.425root 11241100x8000000000000000750969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f06a69ddcdab9b2021-12-20 15:52:52.425root 11241100x8000000000000000750970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530d9ce53aa3b4a2021-12-20 15:52:52.924root 11241100x8000000000000000750971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d54d446fa1d802021-12-20 15:52:52.924root 11241100x8000000000000000750972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf3627127a23bce2021-12-20 15:52:52.925root 11241100x8000000000000000750973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926e5a479f6dc0d2021-12-20 15:52:52.925root 11241100x8000000000000000750974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e08b1e81e4a5b132021-12-20 15:52:52.925root 11241100x8000000000000000750975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05905b065d448a92021-12-20 15:52:52.925root 11241100x8000000000000000750976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24080c6146819a92021-12-20 15:52:52.925root 11241100x8000000000000000750977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba720e3cf453d342021-12-20 15:52:52.925root 11241100x8000000000000000750978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d8730355fd44a02021-12-20 15:52:52.925root 11241100x8000000000000000750979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2bb316eb0ce4012021-12-20 15:52:52.925root 11241100x8000000000000000750980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afadd47a5fba3b82021-12-20 15:52:52.925root 11241100x8000000000000000750981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6463b2a5707c2f2021-12-20 15:52:52.925root 11241100x8000000000000000750982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e835af98ecfe6e72021-12-20 15:52:52.925root 11241100x8000000000000000750983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db30952471ae77942021-12-20 15:52:52.925root 11241100x8000000000000000750984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524203749e5313272021-12-20 15:52:52.925root 11241100x8000000000000000750985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba23d2a5375e0f32021-12-20 15:52:52.925root 11241100x8000000000000000750986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05469274783edc5e2021-12-20 15:52:52.925root 11241100x8000000000000000750987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea933ec8d6038922021-12-20 15:52:53.424root 11241100x8000000000000000750988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c656c6024e385bf2021-12-20 15:52:53.424root 11241100x8000000000000000750989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87172352d62c6e7d2021-12-20 15:52:53.424root 11241100x8000000000000000750990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3475aca08a201c622021-12-20 15:52:53.424root 11241100x8000000000000000750991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e066ae7ed580d32021-12-20 15:52:53.425root 11241100x8000000000000000750992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7019ad08836f992021-12-20 15:52:53.425root 11241100x8000000000000000750993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889846eef31abf262021-12-20 15:52:53.425root 11241100x8000000000000000750994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32bf5685575232b2021-12-20 15:52:53.425root 11241100x8000000000000000750995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398420a34949bb9a2021-12-20 15:52:53.425root 11241100x8000000000000000750996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bde8158aa2fc022021-12-20 15:52:53.425root 11241100x8000000000000000750997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451d614c4e9b7f5d2021-12-20 15:52:53.425root 11241100x8000000000000000750998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7c26d3694de452021-12-20 15:52:53.425root 11241100x8000000000000000750999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b82caf4e7b27d92021-12-20 15:52:53.425root 11241100x8000000000000000751000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff2bd62c44ae0be2021-12-20 15:52:53.426root 11241100x8000000000000000751001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305eab9e2ed972ad2021-12-20 15:52:53.426root 11241100x8000000000000000751002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6a29f3c7e35862021-12-20 15:52:53.426root 11241100x8000000000000000751003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a710dd59670462021-12-20 15:52:53.426root 11241100x8000000000000000751004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3382a3dcc85772021-12-20 15:52:53.924root 11241100x8000000000000000751005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3b89c964b69aae2021-12-20 15:52:53.924root 11241100x8000000000000000751006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f047cdc5d9978d2021-12-20 15:52:53.924root 11241100x8000000000000000751007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7df3b3a2d24452021-12-20 15:52:53.924root 11241100x8000000000000000751008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2285e4c882a494b42021-12-20 15:52:53.924root 11241100x8000000000000000751009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105b92ac5fc0f452021-12-20 15:52:53.924root 11241100x8000000000000000751010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99ecde5e562ddd2021-12-20 15:52:53.925root 11241100x8000000000000000751011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d7db0a0f59ba62021-12-20 15:52:53.925root 11241100x8000000000000000751012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea484b8378c0882021-12-20 15:52:53.925root 11241100x8000000000000000751013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b858bfe6ca55d92021-12-20 15:52:53.925root 11241100x8000000000000000751014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09bc906bbb50e3b2021-12-20 15:52:53.925root 11241100x8000000000000000751015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393bfd2f1c16ee132021-12-20 15:52:53.925root 11241100x8000000000000000751016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c50e0fefed162021-12-20 15:52:53.925root 11241100x8000000000000000751017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac513ce567e370e2021-12-20 15:52:53.925root 11241100x8000000000000000751018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc8b3a7f71e4bf2021-12-20 15:52:53.925root 11241100x8000000000000000751019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25130efdadc914fb2021-12-20 15:52:53.926root 11241100x8000000000000000751020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1745506451241e2021-12-20 15:52:53.926root 11241100x8000000000000000751021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f529a8f9c0a9732021-12-20 15:52:54.424root 11241100x8000000000000000751022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006d8a3f347321702021-12-20 15:52:54.424root 11241100x8000000000000000751023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8e2ec6fd26b2c2021-12-20 15:52:54.424root 11241100x8000000000000000751024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb112688d035b62021-12-20 15:52:54.424root 11241100x8000000000000000751025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a01eafe6abd3d5b2021-12-20 15:52:54.425root 11241100x8000000000000000751026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888ebf79c0b820c2021-12-20 15:52:54.425root 11241100x8000000000000000751027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fe50dea8af6d012021-12-20 15:52:54.425root 11241100x8000000000000000751028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2284444069cd11a2021-12-20 15:52:54.425root 11241100x8000000000000000751029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f3c7f47f4228c2021-12-20 15:52:54.425root 11241100x8000000000000000751030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407438b87a450102021-12-20 15:52:54.425root 11241100x8000000000000000751031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c151e0318bc1fe62021-12-20 15:52:54.425root 11241100x8000000000000000751032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23713d6756d3b8cb2021-12-20 15:52:54.425root 11241100x8000000000000000751033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f609041d789762021-12-20 15:52:54.425root 11241100x8000000000000000751034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30744f3471b49c762021-12-20 15:52:54.425root 11241100x8000000000000000751035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ca50c2ca7ee7a42021-12-20 15:52:54.425root 11241100x8000000000000000751036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518009b8a6c254552021-12-20 15:52:54.425root 11241100x8000000000000000751037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efcc8982a4ff5dc2021-12-20 15:52:54.425root 11241100x8000000000000000751038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9915357cc0cea1c12021-12-20 15:52:54.924root 11241100x8000000000000000751039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34448c7c0b1209a2021-12-20 15:52:54.924root 11241100x8000000000000000751040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91a15a30502a3802021-12-20 15:52:54.924root 11241100x8000000000000000751041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c297866ec6f65fa82021-12-20 15:52:54.924root 11241100x8000000000000000751042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ddf3a41a6bdb3d2021-12-20 15:52:54.924root 11241100x8000000000000000751043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757fbacc88950712021-12-20 15:52:54.924root 11241100x8000000000000000751044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2dac90fc447d0b2021-12-20 15:52:54.924root 11241100x8000000000000000751045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce8fbd8a9f819522021-12-20 15:52:54.924root 11241100x8000000000000000751046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d759abc76d228ee2021-12-20 15:52:54.925root 11241100x8000000000000000751047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a35c2749b99a0e2021-12-20 15:52:54.925root 11241100x8000000000000000751048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a99b8f55c8bebd2021-12-20 15:52:54.925root 11241100x8000000000000000751049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5ddc47d80231b2021-12-20 15:52:54.925root 11241100x8000000000000000751050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0d4f4d9f433e92021-12-20 15:52:54.925root 11241100x8000000000000000751051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b10fe9e6ac51cd2021-12-20 15:52:54.925root 11241100x8000000000000000751052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aab59107d5805822021-12-20 15:52:54.925root 11241100x8000000000000000751053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c8ab40356c81b72021-12-20 15:52:54.925root 11241100x8000000000000000751054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b11a3a3dd68f8f2021-12-20 15:52:54.925root 354300x8000000000000000751055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.126{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51318-false10.0.1.12-8000- 11241100x8000000000000000751056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675f4d41d3a8e6692021-12-20 15:52:55.424root 11241100x8000000000000000751057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef581f8e79142c902021-12-20 15:52:55.425root 11241100x8000000000000000751058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d41fc38e7ec5422021-12-20 15:52:55.425root 11241100x8000000000000000751059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a71793c7e81f02021-12-20 15:52:55.425root 11241100x8000000000000000751060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d578565890b6f42021-12-20 15:52:55.425root 11241100x8000000000000000751061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016361823b46d52e2021-12-20 15:52:55.425root 11241100x8000000000000000751062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d2afe3e1ffc7942021-12-20 15:52:55.425root 11241100x8000000000000000751063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46351ca5fdd3dcf2021-12-20 15:52:55.426root 11241100x8000000000000000751064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29ac73a2aa20e652021-12-20 15:52:55.426root 11241100x8000000000000000751065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b9e3e8bcb79db2021-12-20 15:52:55.426root 11241100x8000000000000000751066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b2923f8ef8a2ed2021-12-20 15:52:55.426root 11241100x8000000000000000751067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b803a3625d169102021-12-20 15:52:55.426root 11241100x8000000000000000751068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f60c3093c2bb92021-12-20 15:52:55.426root 11241100x8000000000000000751069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823e818dbe3e5f342021-12-20 15:52:55.426root 11241100x8000000000000000751070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7ca7dc644e08f42021-12-20 15:52:55.426root 11241100x8000000000000000751071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc1e96218028572021-12-20 15:52:55.426root 11241100x8000000000000000751072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d88f8771152e5292021-12-20 15:52:55.426root 11241100x8000000000000000751073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa2ed02631e7f82021-12-20 15:52:55.426root 11241100x8000000000000000751074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbf421e69f038de2021-12-20 15:52:55.924root 11241100x8000000000000000751075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343f9e737baa8492021-12-20 15:52:55.924root 11241100x8000000000000000751076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e4ca126890ee02021-12-20 15:52:55.924root 11241100x8000000000000000751077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619c13a9012f1f72021-12-20 15:52:55.924root 11241100x8000000000000000751078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bfa8c53284683c2021-12-20 15:52:55.924root 11241100x8000000000000000751079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdec99f06c724772021-12-20 15:52:55.925root 11241100x8000000000000000751080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bab9954032878b2021-12-20 15:52:55.925root 11241100x8000000000000000751081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b25ac78b198582e2021-12-20 15:52:55.925root 11241100x8000000000000000751082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758f02940a16fee2021-12-20 15:52:55.925root 11241100x8000000000000000751083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d6c9dcb2761672021-12-20 15:52:55.925root 11241100x8000000000000000751084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a5dc640a330bb92021-12-20 15:52:55.925root 11241100x8000000000000000751085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c96b64141ca91a12021-12-20 15:52:55.925root 11241100x8000000000000000751086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7235445b130d57922021-12-20 15:52:55.925root 11241100x8000000000000000751087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b8cce2dafbf0a52021-12-20 15:52:55.925root 11241100x8000000000000000751088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb1ace6d45be702021-12-20 15:52:55.925root 11241100x8000000000000000751089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2ab844bb18d6fe2021-12-20 15:52:55.926root 11241100x8000000000000000751090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fb9ca4264700182021-12-20 15:52:55.926root 11241100x8000000000000000751091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d28c7d554787ec2021-12-20 15:52:55.926root 11241100x8000000000000000751092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b32ff6264656982021-12-20 15:52:55.926root 11241100x8000000000000000751093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a0998b28a09342021-12-20 15:52:56.424root 11241100x8000000000000000751094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b518d87f52826072021-12-20 15:52:56.424root 11241100x8000000000000000751095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2814e44fcd4c13c2021-12-20 15:52:56.424root 11241100x8000000000000000751096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4891d846a7373962021-12-20 15:52:56.424root 11241100x8000000000000000751097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa925480fbac38a52021-12-20 15:52:56.424root 11241100x8000000000000000751098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793021399282197e2021-12-20 15:52:56.424root 11241100x8000000000000000751099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce8fd435c776d6c2021-12-20 15:52:56.424root 11241100x8000000000000000751100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eaac097e6bee232021-12-20 15:52:56.424root 11241100x8000000000000000751101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c824861413a66592021-12-20 15:52:56.425root 11241100x8000000000000000751102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c460c1342ef05952021-12-20 15:52:56.425root 11241100x8000000000000000751103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4dd3e2bae4ae352021-12-20 15:52:56.425root 11241100x8000000000000000751104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab2734c436add42021-12-20 15:52:56.425root 11241100x8000000000000000751105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17f13eed35613832021-12-20 15:52:56.425root 11241100x8000000000000000751106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca874e86123213a2021-12-20 15:52:56.425root 11241100x8000000000000000751107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df43cff9fb76efe72021-12-20 15:52:56.425root 11241100x8000000000000000751108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8191a7f680d0166f2021-12-20 15:52:56.425root 11241100x8000000000000000751109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb05504cfa0b9332021-12-20 15:52:56.425root 11241100x8000000000000000751110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f653d691e4a91f2021-12-20 15:52:56.425root 11241100x8000000000000000751111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360c202414a796882021-12-20 15:52:56.425root 11241100x8000000000000000751112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b4c7681f7da8e2021-12-20 15:52:56.426root 11241100x8000000000000000751113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780607a4e18b0ecd2021-12-20 15:52:56.426root 11241100x8000000000000000751114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f3ae1646227ef2021-12-20 15:52:56.924root 11241100x8000000000000000751115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8f9a00674895282021-12-20 15:52:56.924root 11241100x8000000000000000751116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bf17bab043dad2021-12-20 15:52:56.924root 11241100x8000000000000000751117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d5260879fae9782021-12-20 15:52:56.924root 11241100x8000000000000000751118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144ba75a4af6c7472021-12-20 15:52:56.924root 11241100x8000000000000000751119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a75b04ebc9a0ec2021-12-20 15:52:56.925root 11241100x8000000000000000751120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c97e21e5dce0df2021-12-20 15:52:56.925root 11241100x8000000000000000751121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53488319ea465b32021-12-20 15:52:56.925root 11241100x8000000000000000751122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3bfec679f3bfa92021-12-20 15:52:56.925root 11241100x8000000000000000751123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618ab16dc1ae557d2021-12-20 15:52:56.925root 11241100x8000000000000000751124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a5eaa29d34fc8d2021-12-20 15:52:56.925root 11241100x8000000000000000751125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50973c376e334d0b2021-12-20 15:52:56.925root 11241100x8000000000000000751126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b456c61d68c82c2021-12-20 15:52:56.925root 11241100x8000000000000000751127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c28df8f18702d372021-12-20 15:52:56.925root 11241100x8000000000000000751128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034defeb2cc967e42021-12-20 15:52:56.925root 11241100x8000000000000000751129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ab53ae328ba0e2021-12-20 15:52:56.926root 11241100x8000000000000000751130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41de540da5c1bb2021-12-20 15:52:56.926root 11241100x8000000000000000751131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934880318286ad9d2021-12-20 15:52:56.926root 11241100x8000000000000000751132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8d9d7cbc2063f82021-12-20 15:52:57.424root 11241100x8000000000000000751133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbab826ce58a162021-12-20 15:52:57.424root 11241100x8000000000000000751134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb6441a1bd98772021-12-20 15:52:57.424root 11241100x8000000000000000751135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ab4de64f7f59f72021-12-20 15:52:57.424root 11241100x8000000000000000751136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2719529838f9f2021-12-20 15:52:57.424root 11241100x8000000000000000751137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c096d46f9c29e382021-12-20 15:52:57.425root 11241100x8000000000000000751138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475719037682194a2021-12-20 15:52:57.425root 11241100x8000000000000000751139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a767ded32249fb2021-12-20 15:52:57.425root 11241100x8000000000000000751140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2ee695576d39022021-12-20 15:52:57.425root 11241100x8000000000000000751141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf3a91194a4f00e2021-12-20 15:52:57.425root 11241100x8000000000000000751142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afda4611bc2e55b32021-12-20 15:52:57.425root 11241100x8000000000000000751143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a11d203c9a882072021-12-20 15:52:57.425root 11241100x8000000000000000751144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec3c67efbfb34542021-12-20 15:52:57.425root 11241100x8000000000000000751145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8b9758d378945b2021-12-20 15:52:57.425root 11241100x8000000000000000751146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7405655bc9c15022021-12-20 15:52:57.425root 11241100x8000000000000000751147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d97ef58ced481a2021-12-20 15:52:57.426root 11241100x8000000000000000751148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9955ae2d3a852e2021-12-20 15:52:57.426root 11241100x8000000000000000751149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53da43a2e5e0e062021-12-20 15:52:57.426root 11241100x8000000000000000751150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbd10c6ce19b0472021-12-20 15:52:57.426root 11241100x8000000000000000751151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497c24a9b93cfe92021-12-20 15:52:57.426root 11241100x8000000000000000751152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb454f5e1041e22021-12-20 15:52:57.924root 11241100x8000000000000000751153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a395187ff78a724f2021-12-20 15:52:57.924root 11241100x8000000000000000751154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77ebf4d0b35a0512021-12-20 15:52:57.924root 11241100x8000000000000000751155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f5746fdcbc9802021-12-20 15:52:57.924root 11241100x8000000000000000751156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b78b5dd0a0ef4232021-12-20 15:52:57.924root 11241100x8000000000000000751157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1242a1192014232021-12-20 15:52:57.925root 11241100x8000000000000000751158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48e0106251407d12021-12-20 15:52:57.925root 11241100x8000000000000000751159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f84a68a03cbb52021-12-20 15:52:57.925root 11241100x8000000000000000751160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377bbf64888ed4e82021-12-20 15:52:57.925root 11241100x8000000000000000751161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fcb5f169980602021-12-20 15:52:57.925root 11241100x8000000000000000751162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516f76dc30dbf112021-12-20 15:52:57.925root 11241100x8000000000000000751163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e40e6ca1f33a52a2021-12-20 15:52:57.925root 11241100x8000000000000000751164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f88dc84170b5022021-12-20 15:52:57.925root 11241100x8000000000000000751165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598a9a12213628a72021-12-20 15:52:57.925root 11241100x8000000000000000751166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4367014546ff4972021-12-20 15:52:57.925root 11241100x8000000000000000751167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df37f788b8df0de2021-12-20 15:52:57.926root 11241100x8000000000000000751168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8a5519f17713232021-12-20 15:52:57.926root 11241100x8000000000000000751169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3fbd28814436f12021-12-20 15:52:57.926root 11241100x8000000000000000751170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d84c7391d5a2382021-12-20 15:52:58.424root 11241100x8000000000000000751171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a8fbd27fd094152021-12-20 15:52:58.424root 11241100x8000000000000000751172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ac476af13c8802021-12-20 15:52:58.424root 11241100x8000000000000000751173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e284847a800f15b2021-12-20 15:52:58.424root 11241100x8000000000000000751174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f48bac2eb8cdb2021-12-20 15:52:58.425root 11241100x8000000000000000751175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f563f48cdca2be72021-12-20 15:52:58.425root 11241100x8000000000000000751176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d506bcc870c265392021-12-20 15:52:58.425root 11241100x8000000000000000751177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c5c219d67725992021-12-20 15:52:58.425root 11241100x8000000000000000751178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb77f336464a6b2021-12-20 15:52:58.425root 11241100x8000000000000000751179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73860a3968ed00732021-12-20 15:52:58.425root 11241100x8000000000000000751180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8229276e1709afba2021-12-20 15:52:58.425root 11241100x8000000000000000751181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8256ea92780d0a2021-12-20 15:52:58.425root 11241100x8000000000000000751182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a113257573a387a2021-12-20 15:52:58.425root 11241100x8000000000000000751183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b8cfd6c456669a2021-12-20 15:52:58.425root 11241100x8000000000000000751184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679a00d1261a92f2021-12-20 15:52:58.425root 11241100x8000000000000000751185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a482b2354e7782021-12-20 15:52:58.426root 11241100x8000000000000000751186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009c3e966bdc50502021-12-20 15:52:58.426root 11241100x8000000000000000751187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483d0c82483367752021-12-20 15:52:58.426root 11241100x8000000000000000751188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1e43f981a6ea82021-12-20 15:52:58.924root 11241100x8000000000000000751189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e18ce9ed5fa272021-12-20 15:52:58.924root 11241100x8000000000000000751190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bbddce7516ec832021-12-20 15:52:58.924root 11241100x8000000000000000751191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab9cadda44d81cb2021-12-20 15:52:58.924root 11241100x8000000000000000751192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2284770cbb024e02021-12-20 15:52:58.924root 11241100x8000000000000000751193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec0e42abb29e4c2021-12-20 15:52:58.924root 11241100x8000000000000000751194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f646b28145b29d62021-12-20 15:52:58.924root 11241100x8000000000000000751195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea433fdcbf7173f2021-12-20 15:52:58.925root 11241100x8000000000000000751196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2119fd3b2659faad2021-12-20 15:52:58.925root 11241100x8000000000000000751197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803436d16c6cf8e62021-12-20 15:52:58.925root 11241100x8000000000000000751198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87432c0261f1d1482021-12-20 15:52:58.925root 11241100x8000000000000000751199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cbc57e88b68c932021-12-20 15:52:58.925root 11241100x8000000000000000751200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f99149de067aa2021-12-20 15:52:58.926root 11241100x8000000000000000751201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7b6ef557fb3642021-12-20 15:52:58.926root 11241100x8000000000000000751202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0b0b38352c8dab2021-12-20 15:52:58.926root 11241100x8000000000000000751203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bd283dcedae5e2021-12-20 15:52:58.926root 11241100x8000000000000000751204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254bdd8e4bce5e692021-12-20 15:52:58.926root 11241100x8000000000000000751205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b242e5ea42de2d412021-12-20 15:52:58.926root 11241100x8000000000000000751206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a27cfc534c6b462021-12-20 15:52:58.926root 11241100x8000000000000000751207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736d359036d2aee32021-12-20 15:52:58.926root 11241100x8000000000000000751208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438ea6582e064d02021-12-20 15:52:58.927root 11241100x8000000000000000751209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7862d2d1157f1e112021-12-20 15:52:58.927root 11241100x8000000000000000751210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4b4e3ba5a99a02021-12-20 15:52:58.927root 11241100x8000000000000000751211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e01161f4054ba52021-12-20 15:52:58.927root 11241100x8000000000000000751212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc96660c0c95a1c2021-12-20 15:52:58.927root 11241100x8000000000000000751213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47e5e12d779b06b2021-12-20 15:52:58.927root 11241100x8000000000000000751214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40b75288bd41022021-12-20 15:52:58.927root 11241100x8000000000000000751215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0412121cc3fdd262021-12-20 15:52:58.927root 11241100x8000000000000000751216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069a4b05072146722021-12-20 15:52:58.927root 11241100x8000000000000000751217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b9d778fbc0d39d2021-12-20 15:52:58.927root 11241100x8000000000000000751218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a9380252889d52021-12-20 15:52:58.928root 11241100x8000000000000000751219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84354126d6cbfeb62021-12-20 15:52:58.928root 11241100x8000000000000000751220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ecc5cd577645fc2021-12-20 15:52:58.928root 11241100x8000000000000000751221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b0704a35e9f72b2021-12-20 15:52:58.931root 11241100x8000000000000000751222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cc0eaf61b42d282021-12-20 15:52:58.931root 11241100x8000000000000000751223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ea16fb51153922021-12-20 15:52:58.931root 11241100x8000000000000000751224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8c7a98483267c2021-12-20 15:52:58.931root 11241100x8000000000000000751225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c81bb007be7d952021-12-20 15:52:58.931root 11241100x8000000000000000751226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c95b3a4fa3521c32021-12-20 15:52:58.932root 11241100x8000000000000000751227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e3c491099fbb542021-12-20 15:52:58.932root 11241100x8000000000000000751228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f420d9e0aec182021-12-20 15:52:58.932root 11241100x8000000000000000751229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c03a034a2885542021-12-20 15:52:58.932root 11241100x8000000000000000751230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a29a2f32c5ccc92021-12-20 15:52:58.932root 11241100x8000000000000000751231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f97aecf5dbf75b2021-12-20 15:52:58.932root 11241100x8000000000000000751232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2635fd838f3013e2021-12-20 15:52:58.932root 11241100x8000000000000000751233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37221c53a741a1e2021-12-20 15:52:59.424root 11241100x8000000000000000751234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3a7716537cf2c2021-12-20 15:52:59.424root 11241100x8000000000000000751235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb21c009ce7932d2021-12-20 15:52:59.424root 11241100x8000000000000000751236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a152b4189133d2021-12-20 15:52:59.424root 11241100x8000000000000000751237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce07450d86954bd22021-12-20 15:52:59.425root 11241100x8000000000000000751238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e794be0ab472bf22021-12-20 15:52:59.425root 11241100x8000000000000000751239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e24a4e9fd65de2021-12-20 15:52:59.425root 11241100x8000000000000000751240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a40b03bae4d9f2021-12-20 15:52:59.425root 11241100x8000000000000000751241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266c91f46631fa12021-12-20 15:52:59.425root 11241100x8000000000000000751242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f742851c1522412021-12-20 15:52:59.425root 11241100x8000000000000000751243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a57be99df9b2db42021-12-20 15:52:59.425root 11241100x8000000000000000751244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13834a0e2e0bc22021-12-20 15:52:59.425root 11241100x8000000000000000751245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70210a51c75ecf2d2021-12-20 15:52:59.425root 11241100x8000000000000000751246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860c24e77fcb3c672021-12-20 15:52:59.425root 11241100x8000000000000000751247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4151216af9c37b392021-12-20 15:52:59.425root 11241100x8000000000000000751248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28e5552e561d042021-12-20 15:52:59.425root 11241100x8000000000000000751249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833aa22abee2140d2021-12-20 15:52:59.425root 11241100x8000000000000000751250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffac13875f1d4e62021-12-20 15:52:59.425root 11241100x8000000000000000751251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc9b2059fb034a2021-12-20 15:52:59.924root 11241100x8000000000000000751252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3877d6db8c82adc2021-12-20 15:52:59.924root 11241100x8000000000000000751253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e6a916207156052021-12-20 15:52:59.924root 11241100x8000000000000000751254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a29fb792f8b6fe42021-12-20 15:52:59.924root 11241100x8000000000000000751255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4a76f45bbe3b72021-12-20 15:52:59.924root 11241100x8000000000000000751256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0696d809f928d7f82021-12-20 15:52:59.925root 11241100x8000000000000000751257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885f978755f713db2021-12-20 15:52:59.925root 11241100x8000000000000000751258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07915b17021ab71d2021-12-20 15:52:59.925root 11241100x8000000000000000751259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a270c0c8f1e252021-12-20 15:52:59.925root 11241100x8000000000000000751260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ad0d3c2fa9ce42021-12-20 15:52:59.925root 11241100x8000000000000000751261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc71d4dd2099dd2021-12-20 15:52:59.925root 11241100x8000000000000000751262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f49ae08337d7a1a2021-12-20 15:52:59.925root 11241100x8000000000000000751263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2588c508fc50ffb92021-12-20 15:52:59.925root 11241100x8000000000000000751264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57de02a29e8aef2021-12-20 15:52:59.925root 11241100x8000000000000000751265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a687c30915cde242021-12-20 15:52:59.925root 11241100x8000000000000000751266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652202e2e007aabd2021-12-20 15:52:59.926root 11241100x8000000000000000751267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b78c534be4db2e2021-12-20 15:52:59.926root 11241100x8000000000000000751268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5bf3b642236c242021-12-20 15:52:59.926root 11241100x8000000000000000751269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aefe8fa33716e52021-12-20 15:53:00.424root 11241100x8000000000000000751270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b4ff9b70997ed02021-12-20 15:53:00.424root 11241100x8000000000000000751271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4e3c7c9c9b43462021-12-20 15:53:00.424root 11241100x8000000000000000751272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2af18c250a8a0e2021-12-20 15:53:00.424root 11241100x8000000000000000751273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642d5e8898d9154f2021-12-20 15:53:00.424root 11241100x8000000000000000751274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cac27206dd2d82021-12-20 15:53:00.425root 11241100x8000000000000000751275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e3da60ae00b4992021-12-20 15:53:00.425root 11241100x8000000000000000751276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19cf83109a829df2021-12-20 15:53:00.425root 11241100x8000000000000000751277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b249c5b22b2e6752021-12-20 15:53:00.425root 11241100x8000000000000000751278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5623438c4ed48ea42021-12-20 15:53:00.425root 11241100x8000000000000000751279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfda68fdf1c08c2021-12-20 15:53:00.425root 11241100x8000000000000000751280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dce5521370889f2021-12-20 15:53:00.425root 11241100x8000000000000000751281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88019221f231c7552021-12-20 15:53:00.425root 11241100x8000000000000000751282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2442970fa73ed32021-12-20 15:53:00.426root 11241100x8000000000000000751283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86a6fd5bf52bad2021-12-20 15:53:00.426root 11241100x8000000000000000751284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727047fe98db46d2021-12-20 15:53:00.426root 11241100x8000000000000000751285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6855bdf8e998d9c22021-12-20 15:53:00.426root 11241100x8000000000000000751286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6738d547fea694a72021-12-20 15:53:00.426root 11241100x8000000000000000751287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea854d133689bf982021-12-20 15:53:00.924root 11241100x8000000000000000751288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729c9dd3593037792021-12-20 15:53:00.924root 11241100x8000000000000000751289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ecf083ad6ca7b62021-12-20 15:53:00.924root 11241100x8000000000000000751290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1918fb09b4d072021-12-20 15:53:00.924root 11241100x8000000000000000751291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e23c6249e9be1ec2021-12-20 15:53:00.925root 11241100x8000000000000000751292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79daaea373bab7142021-12-20 15:53:00.925root 11241100x8000000000000000751293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ddfe2cdcbce58b2021-12-20 15:53:00.925root 11241100x8000000000000000751294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55411a477c6c14602021-12-20 15:53:00.925root 11241100x8000000000000000751295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c9fb9936026d62021-12-20 15:53:00.925root 11241100x8000000000000000751296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc05a9f17fc56ba2021-12-20 15:53:00.925root 11241100x8000000000000000751297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ebd0c5e0bed44e2021-12-20 15:53:00.925root 11241100x8000000000000000751298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fce75ec79af8392021-12-20 15:53:00.925root 11241100x8000000000000000751299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32429e0324aca6502021-12-20 15:53:00.925root 11241100x8000000000000000751300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5428c1114301ac2021-12-20 15:53:00.925root 11241100x8000000000000000751301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa04f06339cedb032021-12-20 15:53:00.925root 11241100x8000000000000000751302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c28f1bb0f8e862021-12-20 15:53:00.925root 11241100x8000000000000000751303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45ffd1860e523332021-12-20 15:53:00.925root 11241100x8000000000000000751304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362f7c9e0779e3982021-12-20 15:53:00.925root 354300x8000000000000000751305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.082{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51320-false10.0.1.12-8000- 11241100x8000000000000000751306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c30e091b00f115a2021-12-20 15:53:01.424root 11241100x8000000000000000751307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca1259c01e337ba2021-12-20 15:53:01.424root 11241100x8000000000000000751308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd00ac259438c332021-12-20 15:53:01.424root 11241100x8000000000000000751309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94017e3d475fa96d2021-12-20 15:53:01.424root 11241100x8000000000000000751310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51960201003238a2021-12-20 15:53:01.424root 11241100x8000000000000000751311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a195cb49d849fe902021-12-20 15:53:01.424root 11241100x8000000000000000751312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eb8178d21a2f8a2021-12-20 15:53:01.425root 11241100x8000000000000000751313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580c1074f75270c02021-12-20 15:53:01.425root 11241100x8000000000000000751314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657f53c7834ce992021-12-20 15:53:01.425root 11241100x8000000000000000751315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2321dd8b94ca0b652021-12-20 15:53:01.425root 11241100x8000000000000000751316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c6f2666a0e17692021-12-20 15:53:01.425root 11241100x8000000000000000751317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aa5b279b842b5e2021-12-20 15:53:01.425root 11241100x8000000000000000751318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71caffc6f00a6a2021-12-20 15:53:01.425root 11241100x8000000000000000751319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80fbd0fe5a27bdd2021-12-20 15:53:01.425root 11241100x8000000000000000751320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a2cdf21b7263c32021-12-20 15:53:01.426root 11241100x8000000000000000751321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fcd8e7e2016df62021-12-20 15:53:01.426root 11241100x8000000000000000751322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3b60c47e9ff902021-12-20 15:53:01.426root 11241100x8000000000000000751323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d832b4db6cf295d2021-12-20 15:53:01.426root 11241100x8000000000000000751324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b9cc8daf731f9b2021-12-20 15:53:01.426root 11241100x8000000000000000751325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81061508c41f409e2021-12-20 15:53:01.924root 11241100x8000000000000000751326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0cb468329488632021-12-20 15:53:01.924root 11241100x8000000000000000751327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807739928c031c992021-12-20 15:53:01.924root 11241100x8000000000000000751328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aca756a94a0e452021-12-20 15:53:01.924root 11241100x8000000000000000751329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42ab7e4dca5c822021-12-20 15:53:01.924root 11241100x8000000000000000751330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f49ec7eb913e242021-12-20 15:53:01.924root 11241100x8000000000000000751331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76b20279d82c802021-12-20 15:53:01.924root 11241100x8000000000000000751332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4957517f5c2692021-12-20 15:53:01.924root 11241100x8000000000000000751333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90689c9477d2b6472021-12-20 15:53:01.925root 11241100x8000000000000000751334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1b2b1724b8da1f2021-12-20 15:53:01.925root 11241100x8000000000000000751335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709f307d7dc56842021-12-20 15:53:01.925root 11241100x8000000000000000751336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c8bd387bba7f942021-12-20 15:53:01.925root 11241100x8000000000000000751337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2298955501d06a72021-12-20 15:53:01.925root 11241100x8000000000000000751338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93168af431ef6d2021-12-20 15:53:01.925root 11241100x8000000000000000751339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a745e26e413c5e2021-12-20 15:53:01.925root 11241100x8000000000000000751340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d046fe6ef760f2021-12-20 15:53:01.925root 11241100x8000000000000000751341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab61a6aab4f46d062021-12-20 15:53:01.925root 11241100x8000000000000000751342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1335c064f4a8e92021-12-20 15:53:01.925root 11241100x8000000000000000751343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de5bf65ba863572021-12-20 15:53:01.926root 11241100x8000000000000000751344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c77529cef634ce2021-12-20 15:53:01.926root 11241100x8000000000000000751345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693ca1f3dd89c1f2021-12-20 15:53:02.424root 11241100x8000000000000000751346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee416b9d4653c942021-12-20 15:53:02.424root 11241100x8000000000000000751347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b29bd8a017fdd92021-12-20 15:53:02.424root 11241100x8000000000000000751348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce844672dd81d672021-12-20 15:53:02.424root 11241100x8000000000000000751349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55131906d1ba55d62021-12-20 15:53:02.425root 11241100x8000000000000000751350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef49c930cb937672021-12-20 15:53:02.425root 11241100x8000000000000000751351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885fcd059bc133912021-12-20 15:53:02.425root 11241100x8000000000000000751352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2305d63a5f5c2c2021-12-20 15:53:02.425root 11241100x8000000000000000751353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14c0b82a0a41962021-12-20 15:53:02.425root 11241100x8000000000000000751354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5459ca13b4c5b412021-12-20 15:53:02.425root 11241100x8000000000000000751355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3016a209ea9eb962021-12-20 15:53:02.425root 11241100x8000000000000000751356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cec216519a85742021-12-20 15:53:02.425root 11241100x8000000000000000751357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb664866d79bd3b32021-12-20 15:53:02.425root 11241100x8000000000000000751358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fc36cf78f05f592021-12-20 15:53:02.425root 11241100x8000000000000000751359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2fbaf29767a712021-12-20 15:53:02.425root 11241100x8000000000000000751360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd265dfc7c19a262021-12-20 15:53:02.425root 11241100x8000000000000000751361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc6278716662d12021-12-20 15:53:02.425root 11241100x8000000000000000751362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0aed579deb73ad2021-12-20 15:53:02.425root 11241100x8000000000000000751363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c49d037796a872021-12-20 15:53:02.425root 11241100x8000000000000000751364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994d1894cf4d5a22021-12-20 15:53:02.924root 11241100x8000000000000000751365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb791406adf48822021-12-20 15:53:02.924root 11241100x8000000000000000751366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a852f611db2aaa52021-12-20 15:53:02.924root 11241100x8000000000000000751367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e06b1844f4acc62021-12-20 15:53:02.925root 11241100x8000000000000000751368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270548e59dc76ca42021-12-20 15:53:02.925root 11241100x8000000000000000751369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06479a58493eca2021-12-20 15:53:02.925root 11241100x8000000000000000751370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4f1d646a720242021-12-20 15:53:02.925root 11241100x8000000000000000751371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8319c3f8df92862021-12-20 15:53:02.925root 11241100x8000000000000000751372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef28b7f69e3f86b32021-12-20 15:53:02.925root 11241100x8000000000000000751373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e941c073c5b2fc352021-12-20 15:53:02.925root 11241100x8000000000000000751374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb5a95a65e4e6db2021-12-20 15:53:02.925root 11241100x8000000000000000751375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647326b406465fd2021-12-20 15:53:02.925root 11241100x8000000000000000751376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649917e9d1ad8cd22021-12-20 15:53:02.925root 11241100x8000000000000000751377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210eea97e0365b3a2021-12-20 15:53:02.925root 11241100x8000000000000000751378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75806e43c35e3f312021-12-20 15:53:02.925root 11241100x8000000000000000751379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d2446bee344912021-12-20 15:53:02.925root 11241100x8000000000000000751380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e96d1c029ad1792021-12-20 15:53:02.925root 11241100x8000000000000000751381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4616cd05527a59022021-12-20 15:53:02.925root 11241100x8000000000000000751382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198c901ed7abd8442021-12-20 15:53:02.926root 11241100x8000000000000000751383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032a61bb55a8a50c2021-12-20 15:53:03.424root 11241100x8000000000000000751384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20214dc991a3eff2021-12-20 15:53:03.424root 11241100x8000000000000000751385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fdfaa2a33d67a32021-12-20 15:53:03.424root 11241100x8000000000000000751386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851558d75664053a2021-12-20 15:53:03.424root 11241100x8000000000000000751387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65bfe416131c8a22021-12-20 15:53:03.425root 11241100x8000000000000000751388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d193c8035c6d012c2021-12-20 15:53:03.425root 11241100x8000000000000000751389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3db50e164a51e242021-12-20 15:53:03.425root 11241100x8000000000000000751390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baca40432455717c2021-12-20 15:53:03.425root 11241100x8000000000000000751391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1c56ed789afc552021-12-20 15:53:03.425root 11241100x8000000000000000751392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851bbebe00ea7ff2021-12-20 15:53:03.425root 11241100x8000000000000000751393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a886db110135cbe22021-12-20 15:53:03.425root 11241100x8000000000000000751394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a067ceb5b1ca5e32021-12-20 15:53:03.425root 11241100x8000000000000000751395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4771a015761ba42021-12-20 15:53:03.425root 11241100x8000000000000000751396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665387e68d4c46d2021-12-20 15:53:03.425root 11241100x8000000000000000751397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525efc27d1a98de2021-12-20 15:53:03.425root 11241100x8000000000000000751398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8465666343855a52021-12-20 15:53:03.425root 11241100x8000000000000000751399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fca2bf478f05d2021-12-20 15:53:03.425root 11241100x8000000000000000751400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7d2213dcd25b02021-12-20 15:53:03.425root 11241100x8000000000000000751401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae440c90fe46d32021-12-20 15:53:03.425root 11241100x8000000000000000751402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a6b565b5f3a95c2021-12-20 15:53:03.924root 11241100x8000000000000000751403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbdf832286191132021-12-20 15:53:03.924root 11241100x8000000000000000751404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282bf1d6321b37e52021-12-20 15:53:03.924root 11241100x8000000000000000751405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e99599c3b866392021-12-20 15:53:03.924root 11241100x8000000000000000751406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cbc92589c6e95f2021-12-20 15:53:03.925root 11241100x8000000000000000751407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5198832faa5f45d32021-12-20 15:53:03.925root 11241100x8000000000000000751408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af0cde0957d90ce2021-12-20 15:53:03.925root 11241100x8000000000000000751409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b134f23be6b2b82021-12-20 15:53:03.925root 11241100x8000000000000000751410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460d92db11f9e342021-12-20 15:53:03.925root 11241100x8000000000000000751411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ed1943cd8d38e2021-12-20 15:53:03.925root 11241100x8000000000000000751412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bc7ae89bdf4772021-12-20 15:53:03.925root 11241100x8000000000000000751413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af587086afad240e2021-12-20 15:53:03.925root 11241100x8000000000000000751414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eee5037dc97dbd2021-12-20 15:53:03.925root 11241100x8000000000000000751415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9862eaa4e26802021-12-20 15:53:03.925root 11241100x8000000000000000751416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696309cdc1a84a892021-12-20 15:53:03.925root 11241100x8000000000000000751417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45843bfceb12c5162021-12-20 15:53:03.925root 11241100x8000000000000000751418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6346cc8767e47c9d2021-12-20 15:53:03.925root 11241100x8000000000000000751419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c127234e8461f1b2021-12-20 15:53:03.925root 11241100x8000000000000000751420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d11ab951f439fe2021-12-20 15:53:03.925root 11241100x8000000000000000751421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f302b7b315205922021-12-20 15:53:04.424root 11241100x8000000000000000751422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cbc4ca3cde07e2021-12-20 15:53:04.424root 11241100x8000000000000000751423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e35edc0ebd5a1f22021-12-20 15:53:04.424root 11241100x8000000000000000751424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d117cbfd8600c35d2021-12-20 15:53:04.424root 11241100x8000000000000000751425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb592d362989632021-12-20 15:53:04.425root 11241100x8000000000000000751426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c9fa1ef70070432021-12-20 15:53:04.425root 11241100x8000000000000000751427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c041635cdb67422021-12-20 15:53:04.425root 11241100x8000000000000000751428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc9eceb69058782021-12-20 15:53:04.425root 11241100x8000000000000000751429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe8ebb8a37b2512021-12-20 15:53:04.425root 11241100x8000000000000000751430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e0db09cafef22f2021-12-20 15:53:04.425root 11241100x8000000000000000751431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eca136c40eec1692021-12-20 15:53:04.425root 11241100x8000000000000000751432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be1956e04bf64772021-12-20 15:53:04.425root 11241100x8000000000000000751433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026f093b9aafb7a02021-12-20 15:53:04.425root 11241100x8000000000000000751434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a405a8598e5587f32021-12-20 15:53:04.426root 11241100x8000000000000000751435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646a3ca42791ef5e2021-12-20 15:53:04.426root 11241100x8000000000000000751436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d1d20492f5dac82021-12-20 15:53:04.426root 11241100x8000000000000000751437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2937bee20962ee2021-12-20 15:53:04.426root 11241100x8000000000000000751438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b3d9075e641752021-12-20 15:53:04.426root 11241100x8000000000000000751439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d3c0a1a27ce18e2021-12-20 15:53:04.426root 11241100x8000000000000000751440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e7f68da76989942021-12-20 15:53:04.924root 11241100x8000000000000000751441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953180f273e041f02021-12-20 15:53:04.924root 11241100x8000000000000000751442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd420630b07feae2021-12-20 15:53:04.924root 11241100x8000000000000000751443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe408e5f8b6554132021-12-20 15:53:04.924root 11241100x8000000000000000751444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83b8f55085806772021-12-20 15:53:04.924root 11241100x8000000000000000751445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d72d17b41f1ad52021-12-20 15:53:04.925root 11241100x8000000000000000751446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2512d8e261b76fde2021-12-20 15:53:04.925root 11241100x8000000000000000751447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9727988a020959922021-12-20 15:53:04.925root 11241100x8000000000000000751448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a71f1cc801c2352021-12-20 15:53:04.925root 11241100x8000000000000000751449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ca1824f1814c32021-12-20 15:53:04.925root 11241100x8000000000000000751450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c95859b3558eb2021-12-20 15:53:04.925root 11241100x8000000000000000751451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e60ff38d87a1732021-12-20 15:53:04.925root 11241100x8000000000000000751452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0d8cf15d7e15292021-12-20 15:53:04.925root 11241100x8000000000000000751453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d19070e042a05a82021-12-20 15:53:04.925root 11241100x8000000000000000751454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4699a7ad7a4065b12021-12-20 15:53:04.926root 11241100x8000000000000000751455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf60100df215792021-12-20 15:53:04.926root 11241100x8000000000000000751456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a930d78b7bd49d12021-12-20 15:53:04.926root 11241100x8000000000000000751457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01361ca5e3fd64342021-12-20 15:53:04.926root 11241100x8000000000000000751458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05b514c7b14408f2021-12-20 15:53:04.926root 11241100x8000000000000000751459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7ea549a2cd3242021-12-20 15:53:05.424root 11241100x8000000000000000751460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c1b08fc175e10f2021-12-20 15:53:05.424root 11241100x8000000000000000751461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99baf5e878b5f32021-12-20 15:53:05.424root 11241100x8000000000000000751462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3923817ce36094f02021-12-20 15:53:05.424root 11241100x8000000000000000751463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bcca6bee4a8f32021-12-20 15:53:05.425root 11241100x8000000000000000751464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faafc5efc08ed492021-12-20 15:53:05.425root 11241100x8000000000000000751465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc66fbdb27b51f92021-12-20 15:53:05.425root 11241100x8000000000000000751466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1adb743f1657bc22021-12-20 15:53:05.425root 11241100x8000000000000000751467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4595bccf29b951312021-12-20 15:53:05.425root 11241100x8000000000000000751468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d60188ce885f82021-12-20 15:53:05.425root 11241100x8000000000000000751469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17365c1aae3c1a22021-12-20 15:53:05.425root 11241100x8000000000000000751470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab2c4ca3ea20e72021-12-20 15:53:05.426root 11241100x8000000000000000751471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6063ff560edbd02021-12-20 15:53:05.426root 11241100x8000000000000000751472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb400f6e74cacd202021-12-20 15:53:05.426root 11241100x8000000000000000751473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aa9717c82c00a82021-12-20 15:53:05.426root 11241100x8000000000000000751474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff11d8bd36f56a2021-12-20 15:53:05.426root 11241100x8000000000000000751475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f94a5d9eb0bfe92021-12-20 15:53:05.426root 11241100x8000000000000000751476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35ba32dda43b94a2021-12-20 15:53:05.426root 11241100x8000000000000000751477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06373b2f307b7a3d2021-12-20 15:53:05.426root 11241100x8000000000000000751478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca953c89105d2322021-12-20 15:53:05.924root 11241100x8000000000000000751479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a82ab143c4e29892021-12-20 15:53:05.924root 11241100x8000000000000000751480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da6c1735b7f4ea22021-12-20 15:53:05.924root 11241100x8000000000000000751481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c18c179924829d02021-12-20 15:53:05.924root 11241100x8000000000000000751482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363ab3d0b2d4f4f2021-12-20 15:53:05.925root 11241100x8000000000000000751483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98162d2e45991a172021-12-20 15:53:05.925root 11241100x8000000000000000751484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d53dcd4709717e22021-12-20 15:53:05.925root 11241100x8000000000000000751485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65052221f941532021-12-20 15:53:05.925root 11241100x8000000000000000751486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0850acd99f02cfe52021-12-20 15:53:05.925root 11241100x8000000000000000751487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00402a455e7a64442021-12-20 15:53:05.925root 11241100x8000000000000000751488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4e0d03e1de14c2021-12-20 15:53:05.925root 11241100x8000000000000000751489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04dec7924bc904b2021-12-20 15:53:05.925root 11241100x8000000000000000751490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e581ff69fef60c522021-12-20 15:53:05.925root 11241100x8000000000000000751491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237a9498f5e6a992021-12-20 15:53:05.925root 11241100x8000000000000000751492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856392c24852be432021-12-20 15:53:05.925root 11241100x8000000000000000751493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6254b634901da2021-12-20 15:53:05.925root 11241100x8000000000000000751494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2061bc53b51438602021-12-20 15:53:05.925root 11241100x8000000000000000751495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da20e17098bedc2021-12-20 15:53:05.925root 11241100x8000000000000000751496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a97304dcb40a5a2021-12-20 15:53:05.926root 11241100x8000000000000000751497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:53:06.070root 354300x8000000000000000751498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.103{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51322-false10.0.1.12-8000- 11241100x8000000000000000751499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90243c31418a51d72021-12-20 15:53:06.424root 11241100x8000000000000000751500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afd309b96128d662021-12-20 15:53:06.424root 11241100x8000000000000000751501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f81450f667e1a9c2021-12-20 15:53:06.424root 11241100x8000000000000000751502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b506c6bd13f9a42021-12-20 15:53:06.424root 11241100x8000000000000000751503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c658eb099863e62021-12-20 15:53:06.425root 11241100x8000000000000000751504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fcaa527ad9ea492021-12-20 15:53:06.425root 11241100x8000000000000000751505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bb7188726c10252021-12-20 15:53:06.425root 11241100x8000000000000000751506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6166414df1937032021-12-20 15:53:06.425root 11241100x8000000000000000751507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb8273f3397d7f2021-12-20 15:53:06.425root 11241100x8000000000000000751508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4629b8e0535fc992021-12-20 15:53:06.425root 11241100x8000000000000000751509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58ef05adc021e82021-12-20 15:53:06.425root 11241100x8000000000000000751510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de56f91ae76feff2021-12-20 15:53:06.425root 11241100x8000000000000000751511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc2b5762971666f2021-12-20 15:53:06.425root 11241100x8000000000000000751512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8cc692d647d2262021-12-20 15:53:06.425root 11241100x8000000000000000751513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2794cfa6712a742021-12-20 15:53:06.425root 11241100x8000000000000000751514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4965ac63178a272021-12-20 15:53:06.426root 11241100x8000000000000000751515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dbd426551c795a2021-12-20 15:53:06.426root 11241100x8000000000000000751516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e969222950ebec272021-12-20 15:53:06.426root 11241100x8000000000000000751517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06995c092d12d20d2021-12-20 15:53:06.426root 11241100x8000000000000000751518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7b812d7313a7632021-12-20 15:53:06.426root 11241100x8000000000000000751519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b0e211ecf67ab2021-12-20 15:53:06.426root 11241100x8000000000000000751520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05a67dc935604832021-12-20 15:53:06.924root 11241100x8000000000000000751521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624d637272c8b4432021-12-20 15:53:06.924root 11241100x8000000000000000751522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2181d09a7a053e12021-12-20 15:53:06.924root 11241100x8000000000000000751523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e3f6378788d632021-12-20 15:53:06.924root 11241100x8000000000000000751524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffce2cc363d7f0d2021-12-20 15:53:06.924root 11241100x8000000000000000751525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a01b5de333a6a22021-12-20 15:53:06.924root 11241100x8000000000000000751526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb6c9f8a16bd3372021-12-20 15:53:06.924root 11241100x8000000000000000751527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04251e5cdd4dfb2021-12-20 15:53:06.925root 11241100x8000000000000000751528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2c4666409685352021-12-20 15:53:06.925root 11241100x8000000000000000751529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9fb879ee483ddf2021-12-20 15:53:06.925root 11241100x8000000000000000751530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f21a11a461cfd82021-12-20 15:53:06.925root 11241100x8000000000000000751531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5483c6a4c06fc1c82021-12-20 15:53:06.925root 11241100x8000000000000000751532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e913b8f8cc1207c2021-12-20 15:53:06.925root 11241100x8000000000000000751533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be81a68102922862021-12-20 15:53:06.925root 11241100x8000000000000000751534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a8f5af1cd34f782021-12-20 15:53:06.925root 11241100x8000000000000000751535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707bb33a0b0f28d2021-12-20 15:53:06.926root 11241100x8000000000000000751536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a135b285bfc6d942021-12-20 15:53:06.926root 11241100x8000000000000000751537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c867f14381ea8152021-12-20 15:53:06.926root 11241100x8000000000000000751538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f251ae336451a7e32021-12-20 15:53:06.926root 11241100x8000000000000000751539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4927399c3dc721252021-12-20 15:53:06.926root 11241100x8000000000000000751540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f1e0ab21022862021-12-20 15:53:06.926root 11241100x8000000000000000751541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3195c9b78b523a2021-12-20 15:53:06.926root 11241100x8000000000000000751542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80a8820ea670492021-12-20 15:53:07.424root 11241100x8000000000000000751543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113736c41f1bce302021-12-20 15:53:07.426root 11241100x8000000000000000751544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2b9a5428ed96382021-12-20 15:53:07.426root 11241100x8000000000000000751545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637fdc4724421f02021-12-20 15:53:07.426root 11241100x8000000000000000751546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51229bcbf048f1692021-12-20 15:53:07.426root 11241100x8000000000000000751547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbf91ac813922fe2021-12-20 15:53:07.426root 11241100x8000000000000000751548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd99f3c587e5e82021-12-20 15:53:07.426root 11241100x8000000000000000751549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4655e4b739f4aa052021-12-20 15:53:07.426root 11241100x8000000000000000751550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9c156ad6465662021-12-20 15:53:07.426root 11241100x8000000000000000751551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec96ac247eb9bfcd2021-12-20 15:53:07.426root 11241100x8000000000000000751552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e03d050dcf5f252021-12-20 15:53:07.426root 11241100x8000000000000000751553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a229567913aa4c2021-12-20 15:53:07.426root 11241100x8000000000000000751554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afaedafb7f8d73d2021-12-20 15:53:07.427root 11241100x8000000000000000751555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f32030d73643f352021-12-20 15:53:07.427root 11241100x8000000000000000751556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5c24c2b67de42e2021-12-20 15:53:07.427root 11241100x8000000000000000751557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99679df3d0231c2f2021-12-20 15:53:07.427root 11241100x8000000000000000751558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dfee1f6c055e962021-12-20 15:53:07.427root 11241100x8000000000000000751559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103c808bc42ecfdd2021-12-20 15:53:07.427root 11241100x8000000000000000751560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6725a3dd7594a432021-12-20 15:53:07.427root 11241100x8000000000000000751561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dd2b8cbd647a2b2021-12-20 15:53:07.427root 11241100x8000000000000000751562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4196f5a3089d4f12021-12-20 15:53:07.428root 11241100x8000000000000000751563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6f95896e34c4b62021-12-20 15:53:07.924root 11241100x8000000000000000751564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4113268e48a912021-12-20 15:53:07.924root 11241100x8000000000000000751565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bace8356448152021-12-20 15:53:07.924root 11241100x8000000000000000751566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4eeff2f1e575532021-12-20 15:53:07.924root 11241100x8000000000000000751567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f34cc59632ff8612021-12-20 15:53:07.925root 11241100x8000000000000000751568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4d9ad98a1dffc42021-12-20 15:53:07.925root 11241100x8000000000000000751569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6029a96d66b11052021-12-20 15:53:07.925root 11241100x8000000000000000751570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48faaf25390697dc2021-12-20 15:53:07.925root 11241100x8000000000000000751571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf128c2e4333cadb2021-12-20 15:53:07.925root 11241100x8000000000000000751572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b7c87e28d7ca6f2021-12-20 15:53:07.925root 11241100x8000000000000000751573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c030932d4e9437b12021-12-20 15:53:07.926root 11241100x8000000000000000751574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ab05185ef3e832021-12-20 15:53:07.926root 11241100x8000000000000000751575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03df8f7cfcac08b2021-12-20 15:53:07.926root 11241100x8000000000000000751576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31cee4bbd0abb2c2021-12-20 15:53:07.926root 11241100x8000000000000000751577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002ded52c95eb5e2021-12-20 15:53:07.926root 11241100x8000000000000000751578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f567df62b04132021-12-20 15:53:07.926root 11241100x8000000000000000751579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1a544466642fc2021-12-20 15:53:07.926root 11241100x8000000000000000751580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bccc755690b2192021-12-20 15:53:07.926root 11241100x8000000000000000751581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f896903c07fefc2021-12-20 15:53:07.926root 11241100x8000000000000000751582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e93301416f4de2021-12-20 15:53:07.926root 11241100x8000000000000000751583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bad316b6e50aeb2021-12-20 15:53:07.927root 11241100x8000000000000000751584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bba6659738569b42021-12-20 15:53:08.424root 11241100x8000000000000000751585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ea38e67ec35bb82021-12-20 15:53:08.424root 11241100x8000000000000000751586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54e565939e0bb42021-12-20 15:53:08.424root 11241100x8000000000000000751587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536bb315a59c7492021-12-20 15:53:08.424root 11241100x8000000000000000751588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed4a8c4d9d41362021-12-20 15:53:08.425root 11241100x8000000000000000751589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458465fb9fb2409f2021-12-20 15:53:08.425root 11241100x8000000000000000751590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b220a181c33333462021-12-20 15:53:08.425root 11241100x8000000000000000751591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf6aa30455a11f92021-12-20 15:53:08.425root 11241100x8000000000000000751592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f63f4ae8abde3892021-12-20 15:53:08.425root 11241100x8000000000000000751593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6319a314487e952021-12-20 15:53:08.425root 11241100x8000000000000000751594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fe2a917677f02d2021-12-20 15:53:08.425root 11241100x8000000000000000751595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0a3d802d5ef472021-12-20 15:53:08.425root 11241100x8000000000000000751596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff000ea01e75f8f92021-12-20 15:53:08.425root 11241100x8000000000000000751597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ffb18c9a97e662021-12-20 15:53:08.425root 11241100x8000000000000000751598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6bb4242be3d0742021-12-20 15:53:08.426root 11241100x8000000000000000751599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c924206dea722652021-12-20 15:53:08.426root 11241100x8000000000000000751600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c662948004b1d15d2021-12-20 15:53:08.426root 11241100x8000000000000000751601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8770bd9f4bcd86282021-12-20 15:53:08.426root 11241100x8000000000000000751602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc96b6e13570bd2021-12-20 15:53:08.426root 11241100x8000000000000000751603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1b06b4e2ae62392021-12-20 15:53:08.426root 11241100x8000000000000000751604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216f3c837d5aea262021-12-20 15:53:08.426root 11241100x8000000000000000751605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209533a419e79062021-12-20 15:53:08.925root 11241100x8000000000000000751606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d2b68e288494de2021-12-20 15:53:08.925root 11241100x8000000000000000751607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2875ad04b60092021-12-20 15:53:08.925root 11241100x8000000000000000751608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dfabe93beb4e9c2021-12-20 15:53:08.925root 11241100x8000000000000000751609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8851e2437b6032021-12-20 15:53:08.925root 11241100x8000000000000000751610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c4a6cf7062af9a2021-12-20 15:53:08.925root 11241100x8000000000000000751611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50ac4bdcdfb7142021-12-20 15:53:08.925root 11241100x8000000000000000751612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47d1f895f0439812021-12-20 15:53:08.925root 11241100x8000000000000000751613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e964ffa9ac7392021-12-20 15:53:08.926root 11241100x8000000000000000751614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1002bc457e372542021-12-20 15:53:08.926root 11241100x8000000000000000751615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727cb7c83a4e3d542021-12-20 15:53:08.926root 11241100x8000000000000000751616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36141472d8dc5ca92021-12-20 15:53:08.926root 11241100x8000000000000000751617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c261c0de62fac002021-12-20 15:53:08.926root 11241100x8000000000000000751618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be84f18d160137ad2021-12-20 15:53:08.926root 11241100x8000000000000000751619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85393bc8bebc731b2021-12-20 15:53:08.926root 11241100x8000000000000000751620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28af07f403f54112021-12-20 15:53:08.926root 11241100x8000000000000000751621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eff59c9b8fbd79d2021-12-20 15:53:08.926root 11241100x8000000000000000751622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75416e9256be613e2021-12-20 15:53:08.926root 11241100x8000000000000000751623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c90e517883dc6c2021-12-20 15:53:08.926root 11241100x8000000000000000751624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbca15ca1f52e3a2021-12-20 15:53:08.926root 11241100x8000000000000000751625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cbcbe806c016a32021-12-20 15:53:08.927root 23542300x8000000000000000751626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.074{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000751627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d298f459a3a7ce2021-12-20 15:53:09.424root 11241100x8000000000000000751628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfaffe19ac10e372021-12-20 15:53:09.425root 11241100x8000000000000000751629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3487ef20ab63232021-12-20 15:53:09.425root 11241100x8000000000000000751630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcf18e2210efd0a2021-12-20 15:53:09.425root 11241100x8000000000000000751631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56f0db2e3c1d7842021-12-20 15:53:09.425root 11241100x8000000000000000751632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f584b9e6c287a2021-12-20 15:53:09.426root 11241100x8000000000000000751633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4337cede498b932021-12-20 15:53:09.426root 11241100x8000000000000000751634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a658a7c95f5a312021-12-20 15:53:09.426root 11241100x8000000000000000751635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c5199281463b432021-12-20 15:53:09.427root 11241100x8000000000000000751636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912f12eed0805d502021-12-20 15:53:09.427root 11241100x8000000000000000751637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2d66fc4d56c3752021-12-20 15:53:09.427root 11241100x8000000000000000751638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6633b8bf2f9cd99a2021-12-20 15:53:09.427root 11241100x8000000000000000751639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af62b1732985eed22021-12-20 15:53:09.428root 11241100x8000000000000000751640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b4db5252e7f1812021-12-20 15:53:09.428root 11241100x8000000000000000751641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f40127ea6ae972021-12-20 15:53:09.428root 11241100x8000000000000000751642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f9359056f55222021-12-20 15:53:09.429root 11241100x8000000000000000751643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add56d3b5ec93872021-12-20 15:53:09.429root 11241100x8000000000000000751644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fcea4a4e1856e02021-12-20 15:53:09.429root 11241100x8000000000000000751645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fcd318b4021f892021-12-20 15:53:09.429root 11241100x8000000000000000751646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8480214a65abfed2021-12-20 15:53:09.430root 11241100x8000000000000000751647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5b69a1e55d39f72021-12-20 15:53:09.430root 11241100x8000000000000000751648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db949a9016dc452021-12-20 15:53:09.430root 11241100x8000000000000000751649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebb34df158f3e262021-12-20 15:53:09.924root 11241100x8000000000000000751650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05e0bde4b8e59b92021-12-20 15:53:09.924root 11241100x8000000000000000751651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429d40078a3bb252021-12-20 15:53:09.925root 11241100x8000000000000000751652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46496d0a58f85b8d2021-12-20 15:53:09.925root 11241100x8000000000000000751653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49339b18759d360c2021-12-20 15:53:09.925root 11241100x8000000000000000751654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e296c34008df02021-12-20 15:53:09.926root 11241100x8000000000000000751655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9c2c304ed3e072021-12-20 15:53:09.926root 11241100x8000000000000000751656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169ce1166f2baec2021-12-20 15:53:09.926root 11241100x8000000000000000751657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68e9c3b16f4e502021-12-20 15:53:09.927root 11241100x8000000000000000751658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778331377de8face2021-12-20 15:53:09.927root 11241100x8000000000000000751659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8d28e5623e4ed2021-12-20 15:53:09.927root 11241100x8000000000000000751660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8987cbe6eccdb9ca2021-12-20 15:53:09.927root 11241100x8000000000000000751661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48a07bfe39fc9a2021-12-20 15:53:09.927root 11241100x8000000000000000751662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240ce3c7593be88b2021-12-20 15:53:09.928root 11241100x8000000000000000751663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4132475586e3f82021-12-20 15:53:09.928root 11241100x8000000000000000751664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde5891ffed07e82021-12-20 15:53:09.928root 11241100x8000000000000000751665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727c55569fcf55672021-12-20 15:53:09.928root 11241100x8000000000000000751666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae7a6c4e392608c2021-12-20 15:53:09.928root 11241100x8000000000000000751667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944d9599a8497db2021-12-20 15:53:09.928root 11241100x8000000000000000751668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a904b5610df9411b2021-12-20 15:53:09.928root 11241100x8000000000000000751669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b193963ff35892021-12-20 15:53:09.928root 11241100x8000000000000000751670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d987817595efb2021-12-20 15:53:09.928root 11241100x8000000000000000751671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8a2cb0696ef6662021-12-20 15:53:09.928root 11241100x8000000000000000751672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43295e2dc1e085d2021-12-20 15:53:10.424root 11241100x8000000000000000751673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f126f0b1d2c6372021-12-20 15:53:10.424root 11241100x8000000000000000751674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f17d2d96b8daf7d2021-12-20 15:53:10.424root 11241100x8000000000000000751675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c52b54dc54d662021-12-20 15:53:10.424root 11241100x8000000000000000751676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2a7978e59389362021-12-20 15:53:10.424root 11241100x8000000000000000751677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2279c32277f1b72021-12-20 15:53:10.424root 11241100x8000000000000000751678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095acb711001eeae2021-12-20 15:53:10.424root 11241100x8000000000000000751679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74610bd7667256502021-12-20 15:53:10.425root 11241100x8000000000000000751680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e446ba5fce05122021-12-20 15:53:10.425root 11241100x8000000000000000751681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eb9243fd3820a32021-12-20 15:53:10.425root 11241100x8000000000000000751682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e81cfc52895172021-12-20 15:53:10.425root 11241100x8000000000000000751683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4ae3bdfb633622021-12-20 15:53:10.425root 11241100x8000000000000000751684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c435b6f3c594d30c2021-12-20 15:53:10.426root 11241100x8000000000000000751685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599655780480cfad2021-12-20 15:53:10.426root 11241100x8000000000000000751686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b37334a11a99de2021-12-20 15:53:10.426root 11241100x8000000000000000751687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642e9626c5ea9d292021-12-20 15:53:10.427root 11241100x8000000000000000751688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d95a95f7e81ccd2021-12-20 15:53:10.427root 11241100x8000000000000000751689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f85bedbe91e8c2021-12-20 15:53:10.427root 11241100x8000000000000000751690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb345731c7f8507e2021-12-20 15:53:10.428root 11241100x8000000000000000751691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87733d7543d83412021-12-20 15:53:10.428root 11241100x8000000000000000751692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c81e04b94aef682021-12-20 15:53:10.428root 11241100x8000000000000000751693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530cab9329cb3ba32021-12-20 15:53:10.428root 11241100x8000000000000000751694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93551dbe54f824772021-12-20 15:53:10.924root 11241100x8000000000000000751695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46da947d042eb2c2021-12-20 15:53:10.925root 11241100x8000000000000000751696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9736d1f0ca9727d02021-12-20 15:53:10.925root 11241100x8000000000000000751697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5cc3d9302bacc2021-12-20 15:53:10.925root 11241100x8000000000000000751698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e1341b08d18ad2021-12-20 15:53:10.925root 11241100x8000000000000000751699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce98bab9a7dcbb72021-12-20 15:53:10.925root 11241100x8000000000000000751700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d6a99fe3fdcb82021-12-20 15:53:10.925root 11241100x8000000000000000751701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef12452ad261742021-12-20 15:53:10.926root 11241100x8000000000000000751702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb23eb8f3c1f0a22021-12-20 15:53:10.926root 11241100x8000000000000000751703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a07224b3ac44d2021-12-20 15:53:10.926root 11241100x8000000000000000751704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68285af0c26419642021-12-20 15:53:10.926root 11241100x8000000000000000751705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a202e531030ef2021-12-20 15:53:10.926root 11241100x8000000000000000751706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c71c09b5fa20e8d2021-12-20 15:53:10.926root 11241100x8000000000000000751707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762a42b51ffe14282021-12-20 15:53:10.926root 11241100x8000000000000000751708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310cdbedb0223bc62021-12-20 15:53:10.927root 11241100x8000000000000000751709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324e5c03353333f2021-12-20 15:53:10.927root 11241100x8000000000000000751710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128fbccc8909d4be2021-12-20 15:53:10.927root 11241100x8000000000000000751711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494d30c27deb5f842021-12-20 15:53:10.927root 11241100x8000000000000000751712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b8d01f77e5734f2021-12-20 15:53:10.927root 11241100x8000000000000000751713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6ccc0ac35eb5b2021-12-20 15:53:10.927root 11241100x8000000000000000751714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb7d1850d8b2f0d2021-12-20 15:53:10.927root 11241100x8000000000000000751715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85ef03598a78c0a2021-12-20 15:53:10.927root 154100x8000000000000000751716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.231{ec2c97d1-a6e7-61c0-6864-cc08a4550000}10199/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000751717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.232{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3cce3227631672021-12-20 15:53:11.232root 11241100x8000000000000000751718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bebf2c479aca3e62021-12-20 15:53:11.233root 11241100x8000000000000000751719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f777e61cb1a97a2021-12-20 15:53:11.233root 11241100x8000000000000000751720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c078ca56627742832021-12-20 15:53:11.233root 11241100x8000000000000000751721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d5cf83b7540b42021-12-20 15:53:11.234root 11241100x8000000000000000751722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc4e7c371d569782021-12-20 15:53:11.234root 11241100x8000000000000000751723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b99701f86c4bfa2021-12-20 15:53:11.234root 11241100x8000000000000000751724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d523507133c889592021-12-20 15:53:11.235root 11241100x8000000000000000751725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548db04bcda42f012021-12-20 15:53:11.235root 11241100x8000000000000000751726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ba40da54bd56ab2021-12-20 15:53:11.235root 11241100x8000000000000000751727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da62092c830aa922021-12-20 15:53:11.235root 11241100x8000000000000000751728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735d5883c0954372021-12-20 15:53:11.236root 11241100x8000000000000000751729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf8aac9971462312021-12-20 15:53:11.236root 11241100x8000000000000000751730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647286a5c25db942021-12-20 15:53:11.236root 11241100x8000000000000000751731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b94bb4677308ec2021-12-20 15:53:11.236root 11241100x8000000000000000751732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210a652eda7dfcf32021-12-20 15:53:11.237root 11241100x8000000000000000751733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47357644e26d192021-12-20 15:53:11.237root 11241100x8000000000000000751734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2241d3430b5c2e912021-12-20 15:53:11.237root 11241100x8000000000000000751735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bc128c942f68c2021-12-20 15:53:11.237root 11241100x8000000000000000751736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0480186b16c208c2021-12-20 15:53:11.237root 11241100x8000000000000000751737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff419a5cbea11f142021-12-20 15:53:11.237root 11241100x8000000000000000751738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e6b109090179ad2021-12-20 15:53:11.237root 11241100x8000000000000000751739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f926d0c973cd9812021-12-20 15:53:11.237root 11241100x8000000000000000751740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69591a86fefaeee2021-12-20 15:53:11.237root 11241100x8000000000000000751741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681cbe1dbda635d02021-12-20 15:53:11.237root 11241100x8000000000000000751742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f83631817b4f72021-12-20 15:53:11.237root 11241100x8000000000000000751743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd960de790ad14d52021-12-20 15:53:11.237root 11241100x8000000000000000751744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1348517765466f2021-12-20 15:53:11.237root 534500x8000000000000000751745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.243{ec2c97d1-a6e7-61c0-6864-cc08a4550000}10199/bin/psroot 11241100x8000000000000000751746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f92863105bcb32021-12-20 15:53:11.675root 11241100x8000000000000000751747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c0aa1aeec55102021-12-20 15:53:11.675root 11241100x8000000000000000751748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d90fbb544e36a2021-12-20 15:53:11.675root 11241100x8000000000000000751749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48cb08723d1b3862021-12-20 15:53:11.675root 11241100x8000000000000000751750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c2cedebee6a1db2021-12-20 15:53:11.675root 11241100x8000000000000000751751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a62396763217372021-12-20 15:53:11.675root 11241100x8000000000000000751752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3996641d092ed5a82021-12-20 15:53:11.675root 11241100x8000000000000000751753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa6b24b5e0e2bd2021-12-20 15:53:11.675root 11241100x8000000000000000751754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f55c9b93be558592021-12-20 15:53:11.675root 11241100x8000000000000000751755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc298a501bc10cec2021-12-20 15:53:11.675root 11241100x8000000000000000751756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59a072f8e687a0b2021-12-20 15:53:11.675root 11241100x8000000000000000751757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb8504e89e40132021-12-20 15:53:11.676root 11241100x8000000000000000751758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cf5b9a1dc097862021-12-20 15:53:11.676root 11241100x8000000000000000751759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc327d0da523d3ec2021-12-20 15:53:11.676root 11241100x8000000000000000751760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd49f7f71386a172021-12-20 15:53:11.676root 11241100x8000000000000000751761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8f4c89d1b076132021-12-20 15:53:11.676root 11241100x8000000000000000751762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b21dfd8af3997542021-12-20 15:53:11.676root 11241100x8000000000000000751763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f85b1236487282021-12-20 15:53:11.676root 11241100x8000000000000000751764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200cbcb2706800972021-12-20 15:53:11.676root 11241100x8000000000000000751765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41e75864df8de62021-12-20 15:53:11.676root 11241100x8000000000000000751766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623524a71214021b2021-12-20 15:53:11.677root 11241100x8000000000000000751767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072aedc85d16b09d2021-12-20 15:53:11.677root 11241100x8000000000000000751768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc60c518e045d62021-12-20 15:53:11.677root 11241100x8000000000000000751769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c6f521d4b56bae2021-12-20 15:53:11.677root 354300x8000000000000000751770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.098{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51324-false10.0.1.12-8000- 11241100x8000000000000000751771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c460ecbed773de2021-12-20 15:53:12.100root 11241100x8000000000000000751772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4c2a4a2cb35b1e2021-12-20 15:53:12.100root 11241100x8000000000000000751773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857de8714258c80d2021-12-20 15:53:12.100root 11241100x8000000000000000751774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ae53314c113dd2021-12-20 15:53:12.100root 11241100x8000000000000000751775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5fd7f4db5ff19a2021-12-20 15:53:12.101root 11241100x8000000000000000751776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35228f6232203032021-12-20 15:53:12.101root 11241100x8000000000000000751777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3226140f991e9d22021-12-20 15:53:12.101root 11241100x8000000000000000751778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d609bf34750871b2021-12-20 15:53:12.101root 11241100x8000000000000000751779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308b0b0bbe341c92021-12-20 15:53:12.101root 11241100x8000000000000000751780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc98ff3599ff4872021-12-20 15:53:12.101root 11241100x8000000000000000751781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ac18fa6e9124a42021-12-20 15:53:12.101root 11241100x8000000000000000751782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560cd5045d0f951d2021-12-20 15:53:12.101root 11241100x8000000000000000751783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820d4dd589667a192021-12-20 15:53:12.101root 11241100x8000000000000000751784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f7ba7a8bb5d8d82021-12-20 15:53:12.101root 11241100x8000000000000000751785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc7e3be45d7ce9f2021-12-20 15:53:12.102root 11241100x8000000000000000751786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333242221467ff22021-12-20 15:53:12.102root 11241100x8000000000000000751787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d2bea2fc572b22021-12-20 15:53:12.102root 11241100x8000000000000000751788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bff7c5293bfa042021-12-20 15:53:12.102root 11241100x8000000000000000751789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a5fd54e48fd8b22021-12-20 15:53:12.102root 11241100x8000000000000000751790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67aed371e903ab2021-12-20 15:53:12.103root 11241100x8000000000000000751791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20af37a983b65bd82021-12-20 15:53:12.103root 11241100x8000000000000000751792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8460f2e54ec6ba2021-12-20 15:53:12.103root 11241100x8000000000000000751793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3252799b8e2d574f2021-12-20 15:53:12.103root 11241100x8000000000000000751794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234067c1669fb2fb2021-12-20 15:53:12.103root 11241100x8000000000000000751795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14043f6cc5d8a182021-12-20 15:53:12.103root 11241100x8000000000000000751796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b31f0321d6c7d82021-12-20 15:53:12.424root 11241100x8000000000000000751797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035612c10422df012021-12-20 15:53:12.424root 11241100x8000000000000000751798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8866230c542eb052021-12-20 15:53:12.424root 11241100x8000000000000000751799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462d8f63aa647bf2021-12-20 15:53:12.425root 11241100x8000000000000000751800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc65b4b432530ef2021-12-20 15:53:12.425root 11241100x8000000000000000751801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8ae69c73427932021-12-20 15:53:12.425root 11241100x8000000000000000751802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487ce7e51a5f84b2021-12-20 15:53:12.425root 11241100x8000000000000000751803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba996e1020af352021-12-20 15:53:12.425root 11241100x8000000000000000751804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65074b861fddafd2021-12-20 15:53:12.425root 11241100x8000000000000000751805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c29c359aabac82021-12-20 15:53:12.425root 11241100x8000000000000000751806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca05dab42f3ff72021-12-20 15:53:12.425root 11241100x8000000000000000751807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e313f94017bda2021-12-20 15:53:12.425root 11241100x8000000000000000751808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd70c3390ec23342021-12-20 15:53:12.425root 11241100x8000000000000000751809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f5ae5d79a35af2021-12-20 15:53:12.425root 11241100x8000000000000000751810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d651abd832a262d52021-12-20 15:53:12.425root 11241100x8000000000000000751811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e6bd56314600012021-12-20 15:53:12.425root 11241100x8000000000000000751812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fcea8e7fb042f2021-12-20 15:53:12.426root 11241100x8000000000000000751813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72db51132dfd27a2021-12-20 15:53:12.426root 11241100x8000000000000000751814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f01cd2af4a35ff2021-12-20 15:53:12.426root 11241100x8000000000000000751815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ae1ce78c4cbd422021-12-20 15:53:12.426root 11241100x8000000000000000751816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d148e74f59d0e82021-12-20 15:53:12.426root 11241100x8000000000000000751817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425f6d8eba6e0142021-12-20 15:53:12.426root 11241100x8000000000000000751818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7f429872b6beb2021-12-20 15:53:12.426root 11241100x8000000000000000751819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f7215fc17dabc22021-12-20 15:53:12.426root 11241100x8000000000000000751820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f14d311cb3d6922021-12-20 15:53:12.426root 11241100x8000000000000000751821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41ab9e31d2d4cf2021-12-20 15:53:12.924root 11241100x8000000000000000751822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e877e330e6a242021-12-20 15:53:12.924root 11241100x8000000000000000751823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b084c2678c16ce2021-12-20 15:53:12.924root 11241100x8000000000000000751824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3cd29ab2da0ef72021-12-20 15:53:12.924root 11241100x8000000000000000751825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f549c6a26dbb18922021-12-20 15:53:12.925root 11241100x8000000000000000751826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3870e2294c0cd412021-12-20 15:53:12.925root 11241100x8000000000000000751827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1581c493b507557b2021-12-20 15:53:12.925root 11241100x8000000000000000751828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9dff8e59421012021-12-20 15:53:12.925root 11241100x8000000000000000751829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643bbb9a4cb1ab32021-12-20 15:53:12.925root 11241100x8000000000000000751830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b44d6bc1bfd2322021-12-20 15:53:12.925root 11241100x8000000000000000751831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2e275962a99c12021-12-20 15:53:12.925root 11241100x8000000000000000751832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f2b0b98e0547d72021-12-20 15:53:12.925root 11241100x8000000000000000751833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f283a06dafbffb702021-12-20 15:53:12.925root 11241100x8000000000000000751834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e634d98ba43fa1082021-12-20 15:53:12.925root 11241100x8000000000000000751835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a42a0c252a2c92021-12-20 15:53:12.926root 11241100x8000000000000000751836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfaa458dabbc9c2021-12-20 15:53:12.926root 11241100x8000000000000000751837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfddac6910da0a472021-12-20 15:53:12.926root 11241100x8000000000000000751838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e833443803d16e02021-12-20 15:53:12.926root 11241100x8000000000000000751839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25261ac85bbbc8442021-12-20 15:53:12.926root 11241100x8000000000000000751840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a63523473a58a912021-12-20 15:53:12.926root 11241100x8000000000000000751841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d1985ebb4e89e2021-12-20 15:53:12.926root 11241100x8000000000000000751842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b2dcaa437f2e32021-12-20 15:53:12.926root 11241100x8000000000000000751843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b931298161c67f52021-12-20 15:53:12.926root 11241100x8000000000000000751844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6724e30e7c99422021-12-20 15:53:12.927root 11241100x8000000000000000751845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d7ef84dc30fe572021-12-20 15:53:12.927root 11241100x8000000000000000751846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc5a4a3cf2d6fe92021-12-20 15:53:13.424root 11241100x8000000000000000751847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c7f9dfbc601242021-12-20 15:53:13.424root 11241100x8000000000000000751848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2b674652c44f152021-12-20 15:53:13.424root 11241100x8000000000000000751849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494054df1eecfb2c2021-12-20 15:53:13.424root 11241100x8000000000000000751850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82abb6b3b5690e2021-12-20 15:53:13.425root 11241100x8000000000000000751851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70175a6da70b697f2021-12-20 15:53:13.425root 11241100x8000000000000000751852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc91f763f54d7f02021-12-20 15:53:13.425root 11241100x8000000000000000751853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3009be63a68bfdf2021-12-20 15:53:13.425root 11241100x8000000000000000751854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6a86b85518e97f2021-12-20 15:53:13.425root 11241100x8000000000000000751855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1474f768540fa7e2021-12-20 15:53:13.425root 11241100x8000000000000000751856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdafc281e52cd62021-12-20 15:53:13.425root 11241100x8000000000000000751857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20ff5743554041d2021-12-20 15:53:13.425root 11241100x8000000000000000751858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209b091e39562a12021-12-20 15:53:13.425root 11241100x8000000000000000751859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b866ee79081b682021-12-20 15:53:13.425root 11241100x8000000000000000751860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9e1a2fe6b2e6b2021-12-20 15:53:13.425root 11241100x8000000000000000751861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5023fcb9ac61e542021-12-20 15:53:13.425root 11241100x8000000000000000751862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674874fe43d402e62021-12-20 15:53:13.425root 11241100x8000000000000000751863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058024f9b0ddcd0b2021-12-20 15:53:13.426root 11241100x8000000000000000751864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d9746e8d658212021-12-20 15:53:13.426root 11241100x8000000000000000751865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484553d69450a3b42021-12-20 15:53:13.426root 11241100x8000000000000000751866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d7610739060192021-12-20 15:53:13.426root 11241100x8000000000000000751867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd919e9bdeed1f542021-12-20 15:53:13.426root 11241100x8000000000000000751868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e1ff4ff7f50e12021-12-20 15:53:13.426root 11241100x8000000000000000751869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b70d0cc07b95f82021-12-20 15:53:13.426root 11241100x8000000000000000751870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e99cc0142402f2021-12-20 15:53:13.426root 11241100x8000000000000000751871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c12d608395ae8852021-12-20 15:53:13.924root 11241100x8000000000000000751872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdf5fbe140a78412021-12-20 15:53:13.924root 11241100x8000000000000000751873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22949f731b01988a2021-12-20 15:53:13.924root 11241100x8000000000000000751874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99de3c97bb5eed92021-12-20 15:53:13.924root 11241100x8000000000000000751875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92374fb69361772021-12-20 15:53:13.924root 11241100x8000000000000000751876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9239a5ee346f9a2021-12-20 15:53:13.924root 11241100x8000000000000000751877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec6b4f54eb41832021-12-20 15:53:13.924root 11241100x8000000000000000751878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee52a688e8342fe2021-12-20 15:53:13.924root 11241100x8000000000000000751879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11fbc243c977cde2021-12-20 15:53:13.924root 11241100x8000000000000000751880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27b1b58e327f982021-12-20 15:53:13.924root 11241100x8000000000000000751881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157c3b53a631fd682021-12-20 15:53:13.924root 11241100x8000000000000000751882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552401cd414e64ac2021-12-20 15:53:13.924root 11241100x8000000000000000751883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce25b94382643562021-12-20 15:53:13.925root 11241100x8000000000000000751884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988abc7e042af0982021-12-20 15:53:13.925root 11241100x8000000000000000751885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fddc8aafb3b17302021-12-20 15:53:13.925root 11241100x8000000000000000751886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7d4509049cf3182021-12-20 15:53:13.925root 11241100x8000000000000000751887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba754b352473e4d2021-12-20 15:53:13.925root 11241100x8000000000000000751888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9920e3ae80ff8a52021-12-20 15:53:13.925root 11241100x8000000000000000751889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4917af10171b8c2021-12-20 15:53:13.925root 11241100x8000000000000000751890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8ed949a5cda632021-12-20 15:53:13.925root 11241100x8000000000000000751891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5372dac5e11c6e532021-12-20 15:53:13.926root 11241100x8000000000000000751892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f69be8ec6d4c01d2021-12-20 15:53:13.926root 11241100x8000000000000000751893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a97c4f905a0e812021-12-20 15:53:13.926root 11241100x8000000000000000751894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1092d4b4df58e0422021-12-20 15:53:13.926root 11241100x8000000000000000751895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565ef3ed37ebdba2021-12-20 15:53:13.926root 11241100x8000000000000000751896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d4b3588e6963922021-12-20 15:53:13.926root 11241100x8000000000000000751897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceedbdfd303daf92021-12-20 15:53:13.926root 11241100x8000000000000000751898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f7458e4ba91622021-12-20 15:53:14.424root 11241100x8000000000000000751899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a132c882d02e832021-12-20 15:53:14.424root 11241100x8000000000000000751900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e59643e7a5a0be2021-12-20 15:53:14.424root 11241100x8000000000000000751901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a91663178f3c312021-12-20 15:53:14.424root 11241100x8000000000000000751902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5072deb4cd4079d2021-12-20 15:53:14.425root 11241100x8000000000000000751903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0fc28970e099652021-12-20 15:53:14.425root 11241100x8000000000000000751904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ae3fefb098f482021-12-20 15:53:14.425root 11241100x8000000000000000751905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4068e0bba9d0aba92021-12-20 15:53:14.425root 11241100x8000000000000000751906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8afb2301e06a622021-12-20 15:53:14.425root 11241100x8000000000000000751907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f14d2c2b0d7322021-12-20 15:53:14.425root 11241100x8000000000000000751908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4f2c60fc3c9b102021-12-20 15:53:14.425root 11241100x8000000000000000751909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6d4b7f7fe9194b2021-12-20 15:53:14.425root 11241100x8000000000000000751910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78949ca2095c4ab12021-12-20 15:53:14.426root 11241100x8000000000000000751911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ebd789abbeebe52021-12-20 15:53:14.426root 11241100x8000000000000000751912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e5bc25251fc6552021-12-20 15:53:14.426root 11241100x8000000000000000751913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174f503622e135b32021-12-20 15:53:14.426root 11241100x8000000000000000751914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc0da65552a7d22021-12-20 15:53:14.426root 11241100x8000000000000000751915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f2cffc13aa2d0b2021-12-20 15:53:14.426root 11241100x8000000000000000751916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1299d184b9bb28d42021-12-20 15:53:14.426root 11241100x8000000000000000751917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf138961e3ad31c82021-12-20 15:53:14.427root 11241100x8000000000000000751918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2634eccbc458788b2021-12-20 15:53:14.427root 11241100x8000000000000000751919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d0a69d3c8e1402021-12-20 15:53:14.427root 11241100x8000000000000000751920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c83d2cc508982d2021-12-20 15:53:14.427root 11241100x8000000000000000751921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f9f135389c1c52021-12-20 15:53:14.427root 11241100x8000000000000000751922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e3a2a1ac90ab92021-12-20 15:53:14.427root 11241100x8000000000000000751923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e432b416aacbb2021-12-20 15:53:14.924root 11241100x8000000000000000751924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c2d7cce7082a142021-12-20 15:53:14.924root 11241100x8000000000000000751925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb77efed7be91f2021-12-20 15:53:14.924root 11241100x8000000000000000751926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b3b61f53ecd832021-12-20 15:53:14.924root 11241100x8000000000000000751927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1535302d1e5052021-12-20 15:53:14.925root 11241100x8000000000000000751928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5685552ff259752021-12-20 15:53:14.925root 11241100x8000000000000000751929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c6a5d8405f68422021-12-20 15:53:14.925root 11241100x8000000000000000751930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c03bfb26d0b632021-12-20 15:53:14.925root 11241100x8000000000000000751931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb251bb882f5b8d2021-12-20 15:53:14.925root 11241100x8000000000000000751932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8006bff6909e6482021-12-20 15:53:14.925root 11241100x8000000000000000751933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a08708150eb0b2021-12-20 15:53:14.925root 11241100x8000000000000000751934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1622dce5b61b872021-12-20 15:53:14.925root 11241100x8000000000000000751935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88b48a4a4822172021-12-20 15:53:14.925root 11241100x8000000000000000751936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d5f351641b1002021-12-20 15:53:14.925root 11241100x8000000000000000751937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d774e57c8c2dc2021-12-20 15:53:14.925root 11241100x8000000000000000751938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d2b87419029afd2021-12-20 15:53:14.926root 11241100x8000000000000000751939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5af929445be9152021-12-20 15:53:14.926root 11241100x8000000000000000751940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3277bafb077cda62021-12-20 15:53:14.926root 11241100x8000000000000000751941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03fe1b6828874f22021-12-20 15:53:14.926root 11241100x8000000000000000751942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e9f538de8abf462021-12-20 15:53:14.926root 11241100x8000000000000000751943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20c5c2727ddb062021-12-20 15:53:14.926root 11241100x8000000000000000751944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862ab6b4ffe691b2021-12-20 15:53:14.926root 11241100x8000000000000000751945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a186847f67cdbcc2021-12-20 15:53:14.926root 11241100x8000000000000000751946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f5cd301807a0e32021-12-20 15:53:14.926root 11241100x8000000000000000751947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fea84942b3a60c72021-12-20 15:53:14.926root 11241100x8000000000000000751948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebfab5e67d361d02021-12-20 15:53:15.424root 11241100x8000000000000000751949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04997ee367ef4eb22021-12-20 15:53:15.424root 11241100x8000000000000000751950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a176d7d6086f812021-12-20 15:53:15.424root 11241100x8000000000000000751951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc6e1feeadfafd2021-12-20 15:53:15.424root 11241100x8000000000000000751952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04b041017d272d2021-12-20 15:53:15.424root 11241100x8000000000000000751953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06746b3b32f66e4a2021-12-20 15:53:15.425root 11241100x8000000000000000751954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eba0f6ca77f76ad2021-12-20 15:53:15.425root 11241100x8000000000000000751955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c948968b8a3bd5102021-12-20 15:53:15.425root 11241100x8000000000000000751956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142db7afb1b5d4b72021-12-20 15:53:15.425root 11241100x8000000000000000751957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19148006d8e80b5e2021-12-20 15:53:15.425root 11241100x8000000000000000751958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f9d61252187b192021-12-20 15:53:15.425root 11241100x8000000000000000751959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd08cf5f149ca012021-12-20 15:53:15.425root 11241100x8000000000000000751960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac56a03b5027492021-12-20 15:53:15.426root 11241100x8000000000000000751961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3097185f780cf3af2021-12-20 15:53:15.426root 11241100x8000000000000000751962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47214b9868c4a1b42021-12-20 15:53:15.426root 11241100x8000000000000000751963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5921c923195c92021-12-20 15:53:15.426root 11241100x8000000000000000751964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdc0ff78a94980d2021-12-20 15:53:15.426root 11241100x8000000000000000751965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b296a2e5767662021-12-20 15:53:15.426root 11241100x8000000000000000751966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61413e026b00ca2021-12-20 15:53:15.426root 11241100x8000000000000000751967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b7e275ce02fb22021-12-20 15:53:15.426root 11241100x8000000000000000751968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5bd8dc2b4f04782021-12-20 15:53:15.426root 11241100x8000000000000000751969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037311827051cc642021-12-20 15:53:15.426root 11241100x8000000000000000751970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a939e13119da792021-12-20 15:53:15.426root 11241100x8000000000000000751971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390b8d6d5bc5dc32021-12-20 15:53:15.426root 11241100x8000000000000000751972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705485e4191ad3fc2021-12-20 15:53:15.427root 11241100x8000000000000000751973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f563f883427ea2021-12-20 15:53:15.428root 11241100x8000000000000000751974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3de9a5a1222bed2021-12-20 15:53:15.428root 11241100x8000000000000000751975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1afa21ef8f90b22021-12-20 15:53:15.428root 11241100x8000000000000000751976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b04e4801ce31b12021-12-20 15:53:15.428root 11241100x8000000000000000751977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00bd6378471c042021-12-20 15:53:15.428root 11241100x8000000000000000751978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0ee157a09869f2021-12-20 15:53:15.428root 11241100x8000000000000000751979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8faf6de568b8b62021-12-20 15:53:15.428root 11241100x8000000000000000751980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a70663fcc9a512021-12-20 15:53:15.429root 11241100x8000000000000000751981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4801dea263f4c82021-12-20 15:53:15.429root 11241100x8000000000000000751982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08235939ce03122e2021-12-20 15:53:15.429root 11241100x8000000000000000751983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868b0e7cad4644f2021-12-20 15:53:15.429root 11241100x8000000000000000751984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c83f060bf8c5822021-12-20 15:53:15.429root 11241100x8000000000000000751985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171dbb4ed4aa88df2021-12-20 15:53:15.429root 11241100x8000000000000000751986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1272bc886c5a7212021-12-20 15:53:15.429root 11241100x8000000000000000751987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c79f3e0b18dc9ad2021-12-20 15:53:15.429root 11241100x8000000000000000751988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f421259a54ebe672021-12-20 15:53:15.429root 11241100x8000000000000000751989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc78db0950ab9cbe2021-12-20 15:53:15.429root 11241100x8000000000000000751990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee700e51afbe6f2021-12-20 15:53:15.430root 11241100x8000000000000000751991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80996faa41ccf5a2021-12-20 15:53:15.430root 11241100x8000000000000000751992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431161512284ba002021-12-20 15:53:15.430root 11241100x8000000000000000751993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357349d7ec0cc8fa2021-12-20 15:53:15.430root 11241100x8000000000000000751994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ea96eee33ca232021-12-20 15:53:15.430root 11241100x8000000000000000751995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a2defdfd05c222021-12-20 15:53:15.430root 11241100x8000000000000000751996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce963c25ef9a302021-12-20 15:53:15.430root 11241100x8000000000000000751997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dac8efae33a59612021-12-20 15:53:15.430root 11241100x8000000000000000751998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bdde9732c0c6bf2021-12-20 15:53:15.924root 11241100x8000000000000000751999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc5480a712f9522021-12-20 15:53:15.924root 11241100x8000000000000000752000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11922c8f61d360ac2021-12-20 15:53:15.924root 11241100x8000000000000000752001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b516aa1d774e89602021-12-20 15:53:15.925root 11241100x8000000000000000752002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5279075c357257b22021-12-20 15:53:15.925root 11241100x8000000000000000752003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2208a9205695e912021-12-20 15:53:15.925root 11241100x8000000000000000752004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b253ce0a556615a2021-12-20 15:53:15.925root 11241100x8000000000000000752005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e2436101dcd3d32021-12-20 15:53:15.925root 11241100x8000000000000000752006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e9bd7c2ad6ed72021-12-20 15:53:15.925root 11241100x8000000000000000752007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6908a35f3e10a2021-12-20 15:53:15.925root 11241100x8000000000000000752008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1c9ca953572442021-12-20 15:53:15.925root 11241100x8000000000000000752009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca0ae7c1f520b702021-12-20 15:53:15.925root 11241100x8000000000000000752010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d15df2e51ad3332021-12-20 15:53:15.925root 11241100x8000000000000000752011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a21dfa4b9435882021-12-20 15:53:15.926root 11241100x8000000000000000752012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8479f93b4eacd2862021-12-20 15:53:15.926root 11241100x8000000000000000752013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e452d9b64fc24b2021-12-20 15:53:15.926root 11241100x8000000000000000752014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea75d42b95ca802021-12-20 15:53:15.926root 11241100x8000000000000000752015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d947aaad7ff27ab2021-12-20 15:53:15.926root 11241100x8000000000000000752016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c778336a7e454332021-12-20 15:53:15.926root 11241100x8000000000000000752017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a7fcc5843129d72021-12-20 15:53:15.927root 11241100x8000000000000000752018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9becefb92914e18f2021-12-20 15:53:15.927root 11241100x8000000000000000752019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a34f2c774d71fbd2021-12-20 15:53:15.927root 11241100x8000000000000000752020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553d839f698d3462021-12-20 15:53:15.927root 11241100x8000000000000000752021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dd34e8cc4bb2332021-12-20 15:53:15.929root 11241100x8000000000000000752022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbc8fa0804206a2021-12-20 15:53:15.929root 11241100x8000000000000000752023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf093fbe7a5b42552021-12-20 15:53:16.424root 11241100x8000000000000000752024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f5263776b08062021-12-20 15:53:16.425root 11241100x8000000000000000752025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c4dab570384c6d2021-12-20 15:53:16.425root 11241100x8000000000000000752026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27243291288186a02021-12-20 15:53:16.425root 11241100x8000000000000000752027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c3e5d1038f1832021-12-20 15:53:16.426root 11241100x8000000000000000752028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deec0c7c5e6919792021-12-20 15:53:16.426root 11241100x8000000000000000752029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36924093edd9d8462021-12-20 15:53:16.426root 11241100x8000000000000000752030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925fda5e7ae9d912021-12-20 15:53:16.426root 11241100x8000000000000000752031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d576d2c6fc665562021-12-20 15:53:16.426root 11241100x8000000000000000752032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59eb19d613f3ad62021-12-20 15:53:16.427root 11241100x8000000000000000752033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c99f5a9e444bb2021-12-20 15:53:16.427root 11241100x8000000000000000752034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa34969667ce5362021-12-20 15:53:16.427root 11241100x8000000000000000752035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9010b1c3fb40b92021-12-20 15:53:16.427root 11241100x8000000000000000752036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30192dd58f6fce12021-12-20 15:53:16.427root 11241100x8000000000000000752037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76479af8d8eb41ed2021-12-20 15:53:16.427root 11241100x8000000000000000752038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a394a1822925c0472021-12-20 15:53:16.427root 11241100x8000000000000000752039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e989c67041ed6302021-12-20 15:53:16.428root 11241100x8000000000000000752040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848a7e14f234e2842021-12-20 15:53:16.428root 11241100x8000000000000000752041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab4ee5e4a8e32412021-12-20 15:53:16.428root 11241100x8000000000000000752042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708760ccead449a22021-12-20 15:53:16.428root 11241100x8000000000000000752043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975cf3708e15df702021-12-20 15:53:16.429root 11241100x8000000000000000752044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b86dedb0d71cef2021-12-20 15:53:16.429root 11241100x8000000000000000752045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e02b6ef3706232021-12-20 15:53:16.429root 11241100x8000000000000000752046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28da72d79bf33a2021-12-20 15:53:16.429root 11241100x8000000000000000752047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8141b008e372502021-12-20 15:53:16.429root 11241100x8000000000000000752048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69007fe4b466cab2021-12-20 15:53:16.924root 11241100x8000000000000000752049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621af3df1c86b502021-12-20 15:53:16.924root 11241100x8000000000000000752050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f18fea6162f0ce2021-12-20 15:53:16.924root 11241100x8000000000000000752051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1059c0b0c8e602021-12-20 15:53:16.925root 11241100x8000000000000000752052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a166124ea556705a2021-12-20 15:53:16.925root 11241100x8000000000000000752053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20714bde8474ece42021-12-20 15:53:16.925root 11241100x8000000000000000752054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d9ae7121d5e7c2021-12-20 15:53:16.925root 11241100x8000000000000000752055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca945dc1a76b462021-12-20 15:53:16.925root 11241100x8000000000000000752056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8823039cb578b8462021-12-20 15:53:16.925root 11241100x8000000000000000752057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b387ab8a3de4c2021-12-20 15:53:16.926root 11241100x8000000000000000752058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6ae29efaa40772021-12-20 15:53:16.926root 11241100x8000000000000000752059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8c074e41f21282021-12-20 15:53:16.926root 11241100x8000000000000000752060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ce3f1041d5c192021-12-20 15:53:16.927root 11241100x8000000000000000752061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97201384dc89bb4b2021-12-20 15:53:16.927root 11241100x8000000000000000752062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cddc9e8fe68e6a2021-12-20 15:53:16.927root 11241100x8000000000000000752063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0548d7da7719d4e02021-12-20 15:53:16.928root 11241100x8000000000000000752064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e851b4b0a7f61d1f2021-12-20 15:53:16.928root 11241100x8000000000000000752065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3373728a3e06002021-12-20 15:53:16.928root 11241100x8000000000000000752066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9e4d20afa45e1a2021-12-20 15:53:16.928root 11241100x8000000000000000752067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ca60f63d52d5fa2021-12-20 15:53:16.928root 11241100x8000000000000000752068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8361dc44c6273c432021-12-20 15:53:16.928root 11241100x8000000000000000752069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ef2cb4e63be3a2021-12-20 15:53:16.928root 11241100x8000000000000000752070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b4284155df9552021-12-20 15:53:16.928root 11241100x8000000000000000752071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d67e2b9518e372021-12-20 15:53:16.929root 11241100x8000000000000000752072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19bfac0d54f07402021-12-20 15:53:16.929root 11241100x8000000000000000752073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58bd72d31ed104b2021-12-20 15:53:17.424root 11241100x8000000000000000752074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1a647a48a5a98b2021-12-20 15:53:17.424root 11241100x8000000000000000752075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ade14a9833c2eec2021-12-20 15:53:17.424root 11241100x8000000000000000752076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c64beb144cd3e682021-12-20 15:53:17.424root 11241100x8000000000000000752077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6a8eb0b29d09c12021-12-20 15:53:17.424root 11241100x8000000000000000752078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec719340d20343d22021-12-20 15:53:17.425root 11241100x8000000000000000752079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c037818b8e452fe2021-12-20 15:53:17.425root 11241100x8000000000000000752080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fab16ec7c709f92021-12-20 15:53:17.425root 11241100x8000000000000000752081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c47de001fa0b1862021-12-20 15:53:17.425root 11241100x8000000000000000752082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc495aac3270702021-12-20 15:53:17.425root 11241100x8000000000000000752083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7b7f0769abbb32021-12-20 15:53:17.425root 11241100x8000000000000000752084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98ac7c8e66dd8ed2021-12-20 15:53:17.425root 11241100x8000000000000000752085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda89ee59dd234862021-12-20 15:53:17.425root 11241100x8000000000000000752086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147450fb87f1bee22021-12-20 15:53:17.426root 11241100x8000000000000000752087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb88ac2d5450bd2021-12-20 15:53:17.426root 11241100x8000000000000000752088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0e8e1a042b4c62021-12-20 15:53:17.426root 11241100x8000000000000000752089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3426e7287921792021-12-20 15:53:17.426root 11241100x8000000000000000752090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4423d10093f3da2021-12-20 15:53:17.426root 11241100x8000000000000000752091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07772fb70ca379102021-12-20 15:53:17.428root 11241100x8000000000000000752092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af705ef3c397362021-12-20 15:53:17.428root 11241100x8000000000000000752093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c430937822a0432021-12-20 15:53:17.429root 11241100x8000000000000000752094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e79ba92431f322021-12-20 15:53:17.429root 11241100x8000000000000000752095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a36354a4105b782021-12-20 15:53:17.429root 11241100x8000000000000000752096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8119d4dff6918132021-12-20 15:53:17.432root 11241100x8000000000000000752097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fa576d3d42025c2021-12-20 15:53:17.432root 11241100x8000000000000000752098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3a1a003e73c4e2021-12-20 15:53:17.433root 11241100x8000000000000000752099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdc0ce2c1a519b12021-12-20 15:53:17.433root 11241100x8000000000000000752100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb6a56709017c372021-12-20 15:53:17.433root 11241100x8000000000000000752101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e474733c7240a52021-12-20 15:53:17.433root 11241100x8000000000000000752102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71a749f90066092021-12-20 15:53:17.433root 11241100x8000000000000000752103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304447aaf8d8e302021-12-20 15:53:17.433root 11241100x8000000000000000752104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba30e8f0c736b7632021-12-20 15:53:17.433root 11241100x8000000000000000752105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c15c6b7278cb7f2021-12-20 15:53:17.433root 11241100x8000000000000000752106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739af2ec81ad62022021-12-20 15:53:17.433root 11241100x8000000000000000752107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0441ed976a0e88b62021-12-20 15:53:17.434root 11241100x8000000000000000752108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc1df481bd247c2021-12-20 15:53:17.434root 11241100x8000000000000000752109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f16ec9e064a9b4f2021-12-20 15:53:17.434root 11241100x8000000000000000752110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db86e35868dce5b2021-12-20 15:53:17.434root 11241100x8000000000000000752111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b015fcdcde5dca602021-12-20 15:53:17.434root 11241100x8000000000000000752112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c7400ecabd7412021-12-20 15:53:17.434root 11241100x8000000000000000752113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef7b0d03bbc27ce2021-12-20 15:53:17.434root 11241100x8000000000000000752114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aeccfd749ea1122021-12-20 15:53:17.434root 11241100x8000000000000000752115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ca9a01a36dd0942021-12-20 15:53:17.434root 11241100x8000000000000000752116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354aecd517d60692021-12-20 15:53:17.434root 11241100x8000000000000000752117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5e1ab592020e0f2021-12-20 15:53:17.924root 11241100x8000000000000000752118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e082b9f20c4ec742021-12-20 15:53:17.924root 11241100x8000000000000000752119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334a7d71f2bbfb8b2021-12-20 15:53:17.924root 11241100x8000000000000000752120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42634e6626ecc3052021-12-20 15:53:17.924root 11241100x8000000000000000752121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2014602f7e2e52021-12-20 15:53:17.925root 11241100x8000000000000000752122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b4f8f28bcd2c622021-12-20 15:53:17.925root 11241100x8000000000000000752123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f5831fd9a364d12021-12-20 15:53:17.925root 11241100x8000000000000000752124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34462957b8722dd2021-12-20 15:53:17.925root 11241100x8000000000000000752125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9651fe29056a28b2021-12-20 15:53:17.925root 11241100x8000000000000000752126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637ea86322cdd2c42021-12-20 15:53:17.925root 11241100x8000000000000000752127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec0d0ac91bdbbc2021-12-20 15:53:17.925root 11241100x8000000000000000752128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c507e6357fb112021-12-20 15:53:17.925root 11241100x8000000000000000752129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7ea5c8865cfdb2021-12-20 15:53:17.925root 11241100x8000000000000000752130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290634d1a62568a92021-12-20 15:53:17.926root 11241100x8000000000000000752131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e3815d55714252021-12-20 15:53:17.926root 11241100x8000000000000000752132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc77a1eda309f52021-12-20 15:53:17.926root 11241100x8000000000000000752133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e015200ec65412021-12-20 15:53:17.926root 11241100x8000000000000000752134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2d07802edf35382021-12-20 15:53:17.926root 11241100x8000000000000000752135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105355476429f0cf2021-12-20 15:53:17.926root 11241100x8000000000000000752136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d73dcb21d271712021-12-20 15:53:17.926root 11241100x8000000000000000752137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d23b49531930f962021-12-20 15:53:17.926root 11241100x8000000000000000752138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3813080eb4422d42021-12-20 15:53:17.927root 11241100x8000000000000000752139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79699cc6a75809332021-12-20 15:53:17.927root 11241100x8000000000000000752140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d117792c8c9cd1b62021-12-20 15:53:17.927root 11241100x8000000000000000752141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f7c64bba80118c2021-12-20 15:53:17.927root 11241100x8000000000000000752142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eab735a3f2f9912021-12-20 15:53:17.927root 354300x8000000000000000752143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.098{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51326-false10.0.1.12-8000- 11241100x8000000000000000752144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4f4c7d14b01682021-12-20 15:53:18.424root 11241100x8000000000000000752145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbd77419e4d12fc2021-12-20 15:53:18.424root 11241100x8000000000000000752146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be61e98ce54aa02021-12-20 15:53:18.424root 11241100x8000000000000000752147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416124425dd79d12021-12-20 15:53:18.425root 11241100x8000000000000000752148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc63d08e5caebe752021-12-20 15:53:18.425root 11241100x8000000000000000752149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab1513c1b493692021-12-20 15:53:18.425root 11241100x8000000000000000752150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d09c4d7c7a15d2021-12-20 15:53:18.425root 11241100x8000000000000000752151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef4ae3e2030db82021-12-20 15:53:18.425root 11241100x8000000000000000752152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd16dc544e77ec2021-12-20 15:53:18.426root 11241100x8000000000000000752153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f1fbc85b8e37b92021-12-20 15:53:18.426root 11241100x8000000000000000752154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcdb1ad37a2ebd92021-12-20 15:53:18.426root 11241100x8000000000000000752155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50991dc615453c952021-12-20 15:53:18.426root 11241100x8000000000000000752156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a376fab0218d72021-12-20 15:53:18.427root 11241100x8000000000000000752157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c167dd11db5bcb2021-12-20 15:53:18.427root 11241100x8000000000000000752158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5314b602a0d11c922021-12-20 15:53:18.427root 11241100x8000000000000000752159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8d629e1a3a6db2021-12-20 15:53:18.427root 11241100x8000000000000000752160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed484ed4e93579072021-12-20 15:53:18.427root 11241100x8000000000000000752161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9afbd376deacd0e2021-12-20 15:53:18.427root 11241100x8000000000000000752162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6768960d750c1a2021-12-20 15:53:18.427root 11241100x8000000000000000752163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e244d440f1757672021-12-20 15:53:18.427root 11241100x8000000000000000752164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c742a8fb2965562021-12-20 15:53:18.427root 11241100x8000000000000000752165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe13caaecb58812021-12-20 15:53:18.427root 11241100x8000000000000000752166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33183375b2f5ff772021-12-20 15:53:18.427root 11241100x8000000000000000752167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d56bcd569ac8012021-12-20 15:53:18.427root 11241100x8000000000000000752168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b281a320f256d12021-12-20 15:53:18.427root 11241100x8000000000000000752169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a161924ed9c8a382021-12-20 15:53:18.428root 11241100x8000000000000000752170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec3179f374d2fe2021-12-20 15:53:18.428root 11241100x8000000000000000752171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7165a17f2c2c132021-12-20 15:53:18.428root 11241100x8000000000000000752172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f090bf9d21efb2021-12-20 15:53:18.428root 11241100x8000000000000000752173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5115c4f963114f892021-12-20 15:53:18.428root 11241100x8000000000000000752174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08119d8607b11c902021-12-20 15:53:18.428root 11241100x8000000000000000752175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030416e8678645942021-12-20 15:53:18.428root 11241100x8000000000000000752176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fddfe97ded7842021-12-20 15:53:18.924root 11241100x8000000000000000752177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa42f815d9f20e2021-12-20 15:53:18.925root 11241100x8000000000000000752178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32652d397008ca612021-12-20 15:53:18.925root 11241100x8000000000000000752179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ea6a3f9e0b519b2021-12-20 15:53:18.925root 11241100x8000000000000000752180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b730b1abd6d0b2632021-12-20 15:53:18.925root 11241100x8000000000000000752181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9f452721aa15982021-12-20 15:53:18.925root 11241100x8000000000000000752182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be538d98fc73ddd82021-12-20 15:53:18.925root 11241100x8000000000000000752183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5ecd7d166b3ce2021-12-20 15:53:18.925root 11241100x8000000000000000752184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd3d437d5f2b092021-12-20 15:53:18.925root 11241100x8000000000000000752185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e022585d04fc00a22021-12-20 15:53:18.925root 11241100x8000000000000000752186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d949049866e6dcad2021-12-20 15:53:18.926root 11241100x8000000000000000752187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c641c6d6934896012021-12-20 15:53:18.926root 11241100x8000000000000000752188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5db293b7e336262021-12-20 15:53:18.926root 11241100x8000000000000000752189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f102ffae5150dc52021-12-20 15:53:18.926root 11241100x8000000000000000752190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a700365f479cb22021-12-20 15:53:18.926root 11241100x8000000000000000752191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af1cd42f4d936c32021-12-20 15:53:18.926root 11241100x8000000000000000752192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb55328d061d06b2021-12-20 15:53:18.926root 11241100x8000000000000000752193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e411a339430461a52021-12-20 15:53:18.926root 11241100x8000000000000000752194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db8eb2f6dee1112021-12-20 15:53:18.926root 11241100x8000000000000000752195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f0a2da712d745f2021-12-20 15:53:18.926root 11241100x8000000000000000752196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48df2d2da8ea4fd2021-12-20 15:53:18.926root 11241100x8000000000000000752197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe93fe8628f4362021-12-20 15:53:18.927root 11241100x8000000000000000752198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227273a9d57199e2021-12-20 15:53:18.927root 11241100x8000000000000000752199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a52e2681e2da76e2021-12-20 15:53:18.927root 11241100x8000000000000000752200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a5d1921ba09fd62021-12-20 15:53:18.927root 11241100x8000000000000000752201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2bc9f5c03bdec2021-12-20 15:53:18.927root 11241100x8000000000000000752202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70da7c90e7bf5c3a2021-12-20 15:53:19.424root 11241100x8000000000000000752203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a10549e367b0d92021-12-20 15:53:19.425root 11241100x8000000000000000752204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2b18d691b87222021-12-20 15:53:19.425root 11241100x8000000000000000752205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b986d162a7fd672021-12-20 15:53:19.425root 11241100x8000000000000000752206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d0730757db6bd52021-12-20 15:53:19.425root 11241100x8000000000000000752207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb618014521947a2021-12-20 15:53:19.425root 11241100x8000000000000000752208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8775997cf4ff472021-12-20 15:53:19.426root 11241100x8000000000000000752209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0983cc45e25560642021-12-20 15:53:19.426root 11241100x8000000000000000752210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862292cc1b56caec2021-12-20 15:53:19.426root 11241100x8000000000000000752211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79073a04ee3571f92021-12-20 15:53:19.427root 11241100x8000000000000000752212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450c9dacf7df5da82021-12-20 15:53:19.427root 11241100x8000000000000000752213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071ad0e94dd38932021-12-20 15:53:19.427root 11241100x8000000000000000752214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2185c703d748e2021-12-20 15:53:19.427root 11241100x8000000000000000752215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6249524282bfbc4a2021-12-20 15:53:19.427root 11241100x8000000000000000752216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7fe8f45231fd92021-12-20 15:53:19.428root 11241100x8000000000000000752217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f0f60787089e52021-12-20 15:53:19.428root 11241100x8000000000000000752218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93885c7ac63e27a92021-12-20 15:53:19.428root 11241100x8000000000000000752219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691c9944bf100642021-12-20 15:53:19.428root 11241100x8000000000000000752220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0394f4387959d8502021-12-20 15:53:19.429root 11241100x8000000000000000752221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831cd910bad8b02f2021-12-20 15:53:19.429root 11241100x8000000000000000752222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d014cabd7f9997b2021-12-20 15:53:19.429root 11241100x8000000000000000752223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f062b7c25d0b72021-12-20 15:53:19.429root 11241100x8000000000000000752224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533303305da4f302021-12-20 15:53:19.429root 11241100x8000000000000000752225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b697d7796d95752021-12-20 15:53:19.430root 11241100x8000000000000000752226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3155f33c36347e52021-12-20 15:53:19.430root 11241100x8000000000000000752227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d64629ef18af32021-12-20 15:53:19.430root 11241100x8000000000000000752228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b537b0325bf92a2021-12-20 15:53:19.924root 11241100x8000000000000000752229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98961e8bb66e8e02021-12-20 15:53:19.925root 11241100x8000000000000000752230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0865679a4e6902021-12-20 15:53:19.925root 11241100x8000000000000000752231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dead09c2bd4a372021-12-20 15:53:19.925root 11241100x8000000000000000752232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6d09e6928602b52021-12-20 15:53:19.925root 11241100x8000000000000000752233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18800e45d794d1992021-12-20 15:53:19.925root 11241100x8000000000000000752234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf6f9f3a88fce02021-12-20 15:53:19.926root 11241100x8000000000000000752235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dc9f9fe9b90fb2021-12-20 15:53:19.926root 11241100x8000000000000000752236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd2f7e3b60e5eb2021-12-20 15:53:19.926root 11241100x8000000000000000752237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b0584827b1c152021-12-20 15:53:19.926root 11241100x8000000000000000752238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2485c0976a900eae2021-12-20 15:53:19.927root 11241100x8000000000000000752239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099629636d2f4dbc2021-12-20 15:53:19.927root 11241100x8000000000000000752240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296b80e4246412f2021-12-20 15:53:19.927root 11241100x8000000000000000752241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7342995fe2762d722021-12-20 15:53:19.927root 11241100x8000000000000000752242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067fcafa4b0b9fc2021-12-20 15:53:19.928root 11241100x8000000000000000752243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce009a04c8bc842021-12-20 15:53:19.928root 11241100x8000000000000000752244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e00d14e24c20b6c2021-12-20 15:53:19.928root 11241100x8000000000000000752245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a2c9c75a463522021-12-20 15:53:19.928root 11241100x8000000000000000752246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba05620688d0882021-12-20 15:53:19.929root 11241100x8000000000000000752247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abcab02926a33092021-12-20 15:53:19.929root 11241100x8000000000000000752248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb62ccf82cdcbd02021-12-20 15:53:19.929root 11241100x8000000000000000752249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329201c1ffc9ea9c2021-12-20 15:53:19.929root 11241100x8000000000000000752250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb82726a06ec66022021-12-20 15:53:19.930root 11241100x8000000000000000752251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32584f4719002f42021-12-20 15:53:19.930root 11241100x8000000000000000752252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9a3267789783f72021-12-20 15:53:19.930root 11241100x8000000000000000752253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa692454f990f7732021-12-20 15:53:19.930root 354300x8000000000000000752254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.028{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46030-false10.0.1.12-8089- 11241100x8000000000000000752255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0135524edf23d44f2021-12-20 15:53:20.424root 11241100x8000000000000000752256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97350ac5f50db1e2021-12-20 15:53:20.424root 11241100x8000000000000000752257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac54ee28588e30f92021-12-20 15:53:20.424root 11241100x8000000000000000752258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6869de2b1947a52021-12-20 15:53:20.424root 11241100x8000000000000000752259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeb446451506f4b2021-12-20 15:53:20.425root 11241100x8000000000000000752260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf92e39d07956952021-12-20 15:53:20.425root 11241100x8000000000000000752261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa36e5443f5039a2021-12-20 15:53:20.425root 11241100x8000000000000000752262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250e779b28d054112021-12-20 15:53:20.425root 11241100x8000000000000000752263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6152b452d26d0c802021-12-20 15:53:20.425root 11241100x8000000000000000752264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9f6de3373c9eca2021-12-20 15:53:20.425root 11241100x8000000000000000752265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366cbdadf57896682021-12-20 15:53:20.425root 11241100x8000000000000000752266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe21d400f64a2462021-12-20 15:53:20.425root 11241100x8000000000000000752267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e55d6d026fff812021-12-20 15:53:20.426root 11241100x8000000000000000752268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59320be57583281a2021-12-20 15:53:20.426root 11241100x8000000000000000752269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ef53d00af85952021-12-20 15:53:20.426root 11241100x8000000000000000752270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c581b901adde0c2021-12-20 15:53:20.426root 11241100x8000000000000000752271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1d28f60186e8402021-12-20 15:53:20.426root 11241100x8000000000000000752272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7343df1e3ccb1a2021-12-20 15:53:20.426root 11241100x8000000000000000752273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160136d34282d1d62021-12-20 15:53:20.426root 11241100x8000000000000000752274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb62c515dbe9b682021-12-20 15:53:20.426root 11241100x8000000000000000752275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07ba3549f000bd52021-12-20 15:53:20.426root 11241100x8000000000000000752276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed05c8d3ed984b72021-12-20 15:53:20.427root 11241100x8000000000000000752277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088155a97321d59c2021-12-20 15:53:20.427root 11241100x8000000000000000752278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b674e29a6318512a2021-12-20 15:53:20.427root 11241100x8000000000000000752279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3566e9fe0d8aa11e2021-12-20 15:53:20.427root 11241100x8000000000000000752280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141300ebde8a59b32021-12-20 15:53:20.428root 11241100x8000000000000000752281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38609432d49c8b2021-12-20 15:53:20.428root 11241100x8000000000000000752282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c3f6905388e2b2021-12-20 15:53:20.924root 11241100x8000000000000000752283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79f6f5a15be79b32021-12-20 15:53:20.924root 11241100x8000000000000000752284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813667d8e843a412021-12-20 15:53:20.925root 11241100x8000000000000000752285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df45a514755781d32021-12-20 15:53:20.925root 11241100x8000000000000000752286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d015de754bfcbfba2021-12-20 15:53:20.925root 11241100x8000000000000000752287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58e5f23968247922021-12-20 15:53:20.925root 11241100x8000000000000000752288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c83b614d0f0e7d2021-12-20 15:53:20.926root 11241100x8000000000000000752289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56ab313c5c1e32d2021-12-20 15:53:20.926root 11241100x8000000000000000752290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552a70cb4391315c2021-12-20 15:53:20.926root 11241100x8000000000000000752291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc67f67b924eea2021-12-20 15:53:20.926root 11241100x8000000000000000752292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1950573961584de12021-12-20 15:53:20.926root 11241100x8000000000000000752293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0021ea7d9e1bea82021-12-20 15:53:20.927root 11241100x8000000000000000752294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766a101601a48252021-12-20 15:53:20.927root 11241100x8000000000000000752295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a952c63b603b44702021-12-20 15:53:20.927root 11241100x8000000000000000752296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010392db0383cf312021-12-20 15:53:20.927root 11241100x8000000000000000752297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54fbfcefc2ddf582021-12-20 15:53:20.928root 11241100x8000000000000000752298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0e241cb6792b002021-12-20 15:53:20.928root 11241100x8000000000000000752299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badebb306aeccb642021-12-20 15:53:20.928root 11241100x8000000000000000752300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f152a5f94a8f8d502021-12-20 15:53:20.928root 11241100x8000000000000000752301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848fceea76b313b2021-12-20 15:53:20.929root 11241100x8000000000000000752302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63761623e3af1332021-12-20 15:53:20.929root 11241100x8000000000000000752303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6491ba6edec1f62021-12-20 15:53:20.929root 11241100x8000000000000000752304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2650b22f6cd08002021-12-20 15:53:20.929root 11241100x8000000000000000752305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e8378d5a3ab3252021-12-20 15:53:20.929root 11241100x8000000000000000752306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b8c4f4b1b8780d2021-12-20 15:53:20.929root 11241100x8000000000000000752307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea5e4ba7854b4e92021-12-20 15:53:20.929root 11241100x8000000000000000752308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8441b5811eb322021-12-20 15:53:20.929root 11241100x8000000000000000752309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2df81fd87f4cd62021-12-20 15:53:21.424root 11241100x8000000000000000752310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865776931e2e850c2021-12-20 15:53:21.425root 11241100x8000000000000000752311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e79b83c27184822021-12-20 15:53:21.425root 11241100x8000000000000000752312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8334fbe948cc302021-12-20 15:53:21.425root 11241100x8000000000000000752313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40c61015ebeff32021-12-20 15:53:21.425root 11241100x8000000000000000752314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852521eb826169b92021-12-20 15:53:21.425root 11241100x8000000000000000752315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f810a74b81d439d2021-12-20 15:53:21.426root 11241100x8000000000000000752316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d705d368a77a5d1f2021-12-20 15:53:21.426root 11241100x8000000000000000752317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901129365e6d08a2021-12-20 15:53:21.426root 11241100x8000000000000000752318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c374c7fb469f1fe2021-12-20 15:53:21.426root 11241100x8000000000000000752319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed5cdc0cb89babc2021-12-20 15:53:21.427root 11241100x8000000000000000752320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12edfdf801ea0e512021-12-20 15:53:21.427root 11241100x8000000000000000752321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aa247170bdbf782021-12-20 15:53:21.427root 11241100x8000000000000000752322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ddc6dda4fd8fde2021-12-20 15:53:21.427root 11241100x8000000000000000752323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7048b497019645942021-12-20 15:53:21.428root 11241100x8000000000000000752324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84465bbf1e015a882021-12-20 15:53:21.428root 11241100x8000000000000000752325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c51ff816760d012021-12-20 15:53:21.428root 11241100x8000000000000000752326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa57217160ed5282021-12-20 15:53:21.428root 11241100x8000000000000000752327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f6444c9041985e2021-12-20 15:53:21.429root 11241100x8000000000000000752328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea9138656436cd2021-12-20 15:53:21.429root 11241100x8000000000000000752329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc4d5007b1060d2021-12-20 15:53:21.429root 11241100x8000000000000000752330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68e3cdcfefb2d4f2021-12-20 15:53:21.429root 11241100x8000000000000000752331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b4d283009fa81d2021-12-20 15:53:21.429root 11241100x8000000000000000752332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7138af3fea83a62021-12-20 15:53:21.429root 11241100x8000000000000000752333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dbe58d31d4bcf32021-12-20 15:53:21.429root 11241100x8000000000000000752334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ccdff283ccc5882021-12-20 15:53:21.429root 11241100x8000000000000000752335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7aee1ec4615612021-12-20 15:53:21.429root 11241100x8000000000000000752336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6708703af60ce002021-12-20 15:53:21.924root 11241100x8000000000000000752337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d602e8351199ef2021-12-20 15:53:21.925root 11241100x8000000000000000752338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58d89b0d3835ed42021-12-20 15:53:21.925root 11241100x8000000000000000752339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac5fa16f72358062021-12-20 15:53:21.925root 11241100x8000000000000000752340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8072526bc345ed1b2021-12-20 15:53:21.925root 11241100x8000000000000000752341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162535eeed62b0082021-12-20 15:53:21.925root 11241100x8000000000000000752342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cac88f30aa840042021-12-20 15:53:21.926root 11241100x8000000000000000752343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf3ed3f3cc9b47a2021-12-20 15:53:21.926root 11241100x8000000000000000752344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abad26cb36125f2021-12-20 15:53:21.926root 11241100x8000000000000000752345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee0274e27efdf092021-12-20 15:53:21.926root 11241100x8000000000000000752346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51024d9e86451e0d2021-12-20 15:53:21.927root 11241100x8000000000000000752347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d162e0f1b47af72021-12-20 15:53:21.927root 11241100x8000000000000000752348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b894d1c085aa3992021-12-20 15:53:21.927root 11241100x8000000000000000752349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1270be8cc06362021-12-20 15:53:21.927root 11241100x8000000000000000752350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b986a7c27fdc22021-12-20 15:53:21.927root 11241100x8000000000000000752351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39c5768ed8ff6d2021-12-20 15:53:21.927root 11241100x8000000000000000752352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685a0fca451c1cae2021-12-20 15:53:21.927root 11241100x8000000000000000752353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd43515194756e2021-12-20 15:53:21.927root 11241100x8000000000000000752354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2c3900c23c43cf2021-12-20 15:53:21.928root 11241100x8000000000000000752355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0042f5d515a751f32021-12-20 15:53:21.928root 11241100x8000000000000000752356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a43ed868858a4802021-12-20 15:53:21.929root 11241100x8000000000000000752357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfbdfc3be3239262021-12-20 15:53:21.930root 11241100x8000000000000000752358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ece33d1c8b85792021-12-20 15:53:21.930root 11241100x8000000000000000752359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a8469d0753e2f32021-12-20 15:53:21.930root 11241100x8000000000000000752360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63298cc6af0848912021-12-20 15:53:21.930root 11241100x8000000000000000752361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06b7a4ce1153c1a2021-12-20 15:53:21.931root 11241100x8000000000000000752362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fef529f9606bea2021-12-20 15:53:21.931root 11241100x8000000000000000752363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c5a09c937ebd92021-12-20 15:53:22.424root 11241100x8000000000000000752364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb30fba58e9bdbb02021-12-20 15:53:22.425root 11241100x8000000000000000752365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd6b515bd2883fc2021-12-20 15:53:22.425root 11241100x8000000000000000752366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a46914ec572fd5e2021-12-20 15:53:22.425root 11241100x8000000000000000752367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0b2cf48a4c05822021-12-20 15:53:22.425root 11241100x8000000000000000752368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3faa5a541dd4dc2021-12-20 15:53:22.425root 11241100x8000000000000000752369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d28dbd2ec897832021-12-20 15:53:22.426root 11241100x8000000000000000752370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313ace8a65d99d2c2021-12-20 15:53:22.426root 11241100x8000000000000000752371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac0939625819fa2021-12-20 15:53:22.426root 11241100x8000000000000000752372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b47d5a9dc384372021-12-20 15:53:22.426root 11241100x8000000000000000752373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ef67594b268092021-12-20 15:53:22.427root 11241100x8000000000000000752374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf58a88312b6e542021-12-20 15:53:22.427root 11241100x8000000000000000752375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f392d8854d761fc42021-12-20 15:53:22.427root 11241100x8000000000000000752376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e062f90c6fc99a292021-12-20 15:53:22.427root 11241100x8000000000000000752377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8511694dfbc3ae192021-12-20 15:53:22.427root 11241100x8000000000000000752378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd7bc44d5da8622021-12-20 15:53:22.428root 11241100x8000000000000000752379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c965a251c9dfe92021-12-20 15:53:22.428root 11241100x8000000000000000752380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39194404d0dc3d3d2021-12-20 15:53:22.428root 11241100x8000000000000000752381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697a933f6455c91f2021-12-20 15:53:22.428root 11241100x8000000000000000752382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7781b9996257c2021-12-20 15:53:22.428root 11241100x8000000000000000752383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c7a03268ec8e712021-12-20 15:53:22.428root 11241100x8000000000000000752384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e87eaf3fe36d082021-12-20 15:53:22.428root 11241100x8000000000000000752385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a87aaa77995e3af2021-12-20 15:53:22.428root 11241100x8000000000000000752386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2669eec9a322e2021-12-20 15:53:22.428root 11241100x8000000000000000752387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a7cd3ec6b34222021-12-20 15:53:22.428root 11241100x8000000000000000752388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9735eb73c1d082021-12-20 15:53:22.429root 11241100x8000000000000000752389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27807938fb81942021-12-20 15:53:22.429root 11241100x8000000000000000752390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49891c48effe8caf2021-12-20 15:53:22.924root 11241100x8000000000000000752391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f5c2767ef741b62021-12-20 15:53:22.924root 11241100x8000000000000000752392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c947da6e8bcb1ec02021-12-20 15:53:22.924root 11241100x8000000000000000752393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4006976ea77d8992021-12-20 15:53:22.924root 11241100x8000000000000000752394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a7015c01c21cc82021-12-20 15:53:22.925root 11241100x8000000000000000752395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be3d1bdb7db234b2021-12-20 15:53:22.925root 11241100x8000000000000000752396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aed7d53d3505c022021-12-20 15:53:22.925root 11241100x8000000000000000752397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b061e2fe6348502021-12-20 15:53:22.925root 11241100x8000000000000000752398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456ff68e06e2dfc42021-12-20 15:53:22.925root 11241100x8000000000000000752399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaafe997f6ccd1a2021-12-20 15:53:22.925root 11241100x8000000000000000752400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35580538e74dd762021-12-20 15:53:22.925root 11241100x8000000000000000752401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdd178f1a4376052021-12-20 15:53:22.925root 11241100x8000000000000000752402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2009a71996604d2021-12-20 15:53:22.925root 11241100x8000000000000000752403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1653232f59bd9c92021-12-20 15:53:22.925root 11241100x8000000000000000752404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b1eb3842f35902021-12-20 15:53:22.926root 11241100x8000000000000000752405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3438399b2ff127422021-12-20 15:53:22.926root 11241100x8000000000000000752406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a980a64239641ab92021-12-20 15:53:22.926root 11241100x8000000000000000752407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a3941e34fee5872021-12-20 15:53:22.926root 11241100x8000000000000000752408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2827699f51198f2021-12-20 15:53:22.926root 11241100x8000000000000000752409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43852df6f60f9c182021-12-20 15:53:22.926root 11241100x8000000000000000752410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748c6a0f70b889a92021-12-20 15:53:22.926root 11241100x8000000000000000752411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e447bf075eb1bd12021-12-20 15:53:22.926root 11241100x8000000000000000752412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c871bdf59d6972021-12-20 15:53:22.927root 11241100x8000000000000000752413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9876e6ba5e8c852021-12-20 15:53:22.927root 11241100x8000000000000000752414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c2006b594a155e2021-12-20 15:53:22.927root 11241100x8000000000000000752415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80135d2aa78295f62021-12-20 15:53:22.927root 11241100x8000000000000000752416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe96e259ead5e262021-12-20 15:53:22.927root 354300x8000000000000000752417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.172{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51330-false10.0.1.12-8000- 11241100x8000000000000000752418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e70753c0cd1962021-12-20 15:53:23.424root 11241100x8000000000000000752419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bfd2bbc137f3f2021-12-20 15:53:23.424root 11241100x8000000000000000752420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf683c99adfec9b22021-12-20 15:53:23.424root 11241100x8000000000000000752421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb9a3636a5ab81e2021-12-20 15:53:23.424root 11241100x8000000000000000752422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58adbe9aee7c19482021-12-20 15:53:23.425root 11241100x8000000000000000752423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722434674a3324012021-12-20 15:53:23.425root 11241100x8000000000000000752424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da61a535fcb3d412021-12-20 15:53:23.425root 11241100x8000000000000000752425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdde99799e3a1502021-12-20 15:53:23.425root 11241100x8000000000000000752426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2526b27fd5def34d2021-12-20 15:53:23.425root 11241100x8000000000000000752427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a301009b9051a2021-12-20 15:53:23.425root 11241100x8000000000000000752428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc83ba15e5ddad92021-12-20 15:53:23.425root 11241100x8000000000000000752429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a3321c4093ed412021-12-20 15:53:23.425root 11241100x8000000000000000752430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf0eaed519592b2021-12-20 15:53:23.425root 11241100x8000000000000000752431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105ba6a8400064c52021-12-20 15:53:23.425root 11241100x8000000000000000752432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b5227273248052021-12-20 15:53:23.425root 11241100x8000000000000000752433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831cf200f9f9d3892021-12-20 15:53:23.426root 11241100x8000000000000000752434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d800ff707f3db62021-12-20 15:53:23.426root 11241100x8000000000000000752435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1861288272a882952021-12-20 15:53:23.426root 11241100x8000000000000000752436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e8892e78cc0af2021-12-20 15:53:23.426root 11241100x8000000000000000752437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bdb6c8c2cfa03e2021-12-20 15:53:23.427root 11241100x8000000000000000752438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ef31686c0d89542021-12-20 15:53:23.427root 11241100x8000000000000000752439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bbfdb47258e9e52021-12-20 15:53:23.427root 11241100x8000000000000000752440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f738cc5cadf5c2021-12-20 15:53:23.427root 11241100x8000000000000000752441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc4b63efca8ec8b2021-12-20 15:53:23.428root 11241100x8000000000000000752442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b65c83c3e0847c2021-12-20 15:53:23.428root 11241100x8000000000000000752443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99d98063c718f302021-12-20 15:53:23.428root 11241100x8000000000000000752444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883e176b738754b22021-12-20 15:53:23.428root 11241100x8000000000000000752445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b32211a6c20b152021-12-20 15:53:23.428root 11241100x8000000000000000752446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf9665f7fcf8b52021-12-20 15:53:23.429root 11241100x8000000000000000752447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877dcb1a7eba3ca02021-12-20 15:53:23.429root 11241100x8000000000000000752448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae91c7634d9ed372021-12-20 15:53:23.429root 11241100x8000000000000000752449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94fbbb9d03986782021-12-20 15:53:23.429root 11241100x8000000000000000752450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54431efb046a43492021-12-20 15:53:23.429root 11241100x8000000000000000752451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088aa0f25e5ab0652021-12-20 15:53:23.429root 11241100x8000000000000000752452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c473de90d121f642021-12-20 15:53:23.430root 11241100x8000000000000000752453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcbfd64b6f5d1e42021-12-20 15:53:23.430root 11241100x8000000000000000752454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7b59df487c1a32021-12-20 15:53:23.924root 11241100x8000000000000000752455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed3ecff0a1b64d2021-12-20 15:53:23.925root 11241100x8000000000000000752456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82bbb6f8523c8522021-12-20 15:53:23.925root 11241100x8000000000000000752457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56ecc2bc0b97c52021-12-20 15:53:23.925root 11241100x8000000000000000752458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3eaee2a7a12ac642021-12-20 15:53:23.925root 11241100x8000000000000000752459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f86a474b18244df2021-12-20 15:53:23.925root 11241100x8000000000000000752460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125fb9fffe550e82021-12-20 15:53:23.926root 11241100x8000000000000000752461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa435db49553d5d82021-12-20 15:53:23.926root 11241100x8000000000000000752462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b633fad296b15cd2021-12-20 15:53:23.926root 11241100x8000000000000000752463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2eb8a64c7ffcd32021-12-20 15:53:23.926root 11241100x8000000000000000752464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ce4126cf11d7e2021-12-20 15:53:23.927root 11241100x8000000000000000752465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efef32a51db47edb2021-12-20 15:53:23.927root 11241100x8000000000000000752466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065a5424d1313b82021-12-20 15:53:23.927root 11241100x8000000000000000752467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90782739ea180b6b2021-12-20 15:53:23.928root 11241100x8000000000000000752468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e586e8154802a452021-12-20 15:53:23.928root 11241100x8000000000000000752469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4914729e5f2c62482021-12-20 15:53:23.928root 11241100x8000000000000000752470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf18d83ab6619102021-12-20 15:53:23.928root 11241100x8000000000000000752471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fc1bf62efa68232021-12-20 15:53:23.928root 11241100x8000000000000000752472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da0bcc5317fbb92021-12-20 15:53:23.928root 11241100x8000000000000000752473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a49ee31d466812021-12-20 15:53:23.928root 11241100x8000000000000000752474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ce65912c9a7e572021-12-20 15:53:23.929root 11241100x8000000000000000752475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf28dfd8361c8362021-12-20 15:53:23.929root 11241100x8000000000000000752476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bc05bacf1cceba2021-12-20 15:53:23.929root 11241100x8000000000000000752477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf374739f9211772021-12-20 15:53:23.929root 11241100x8000000000000000752478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c771a9669f5ae02021-12-20 15:53:23.929root 11241100x8000000000000000752479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c18e83be4b7b74f2021-12-20 15:53:23.929root 11241100x8000000000000000752480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95289f0cd7d298c52021-12-20 15:53:23.929root 11241100x8000000000000000752481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74407c0e7ff8a0102021-12-20 15:53:23.929root 11241100x8000000000000000752482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a95f6999f0cf262021-12-20 15:53:24.424root 11241100x8000000000000000752483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a59d3e0b67da1962021-12-20 15:53:24.424root 11241100x8000000000000000752484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fa98ec3aec38682021-12-20 15:53:24.424root 11241100x8000000000000000752485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72128297fdad5442021-12-20 15:53:24.424root 11241100x8000000000000000752486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7c360042f14ba2021-12-20 15:53:24.425root 11241100x8000000000000000752487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521410edc617e8282021-12-20 15:53:24.425root 11241100x8000000000000000752488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ea4384b118ab032021-12-20 15:53:24.425root 11241100x8000000000000000752489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a0e7b177e1727f2021-12-20 15:53:24.425root 11241100x8000000000000000752490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6251ab231a83dabb2021-12-20 15:53:24.425root 11241100x8000000000000000752491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7b7163a2245252021-12-20 15:53:24.425root 11241100x8000000000000000752492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24ee5592e8e96f42021-12-20 15:53:24.425root 11241100x8000000000000000752493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa701439305463d2021-12-20 15:53:24.425root 11241100x8000000000000000752494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b6837a8cfd6f4c2021-12-20 15:53:24.425root 11241100x8000000000000000752495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6e954a4df587b52021-12-20 15:53:24.425root 11241100x8000000000000000752496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20937ffa8f3daca2021-12-20 15:53:24.426root 11241100x8000000000000000752497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54931e474a7cee72021-12-20 15:53:24.426root 11241100x8000000000000000752498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c563a17213a9a8f02021-12-20 15:53:24.426root 11241100x8000000000000000752499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941d30c26adf28542021-12-20 15:53:24.426root 11241100x8000000000000000752500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396f8569241a7c702021-12-20 15:53:24.426root 11241100x8000000000000000752501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33bba239cbdb332021-12-20 15:53:24.426root 11241100x8000000000000000752502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78596b5fc5244462021-12-20 15:53:24.426root 11241100x8000000000000000752503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207405b0fc9aa5bd2021-12-20 15:53:24.426root 11241100x8000000000000000752504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02050bcf10770dbc2021-12-20 15:53:24.426root 11241100x8000000000000000752505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e27b13518e1662021-12-20 15:53:24.426root 11241100x8000000000000000752506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff6c9c03df84b12021-12-20 15:53:24.426root 11241100x8000000000000000752507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ca27f30562c4e2021-12-20 15:53:24.427root 11241100x8000000000000000752508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97be6e467ae39de2021-12-20 15:53:24.427root 11241100x8000000000000000752509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff49c9470e15c062021-12-20 15:53:24.427root 11241100x8000000000000000752510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36672667f77e60332021-12-20 15:53:24.924root 11241100x8000000000000000752511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13bc7fbc138a2d2021-12-20 15:53:24.924root 11241100x8000000000000000752512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcda3abaf653b4e2021-12-20 15:53:24.924root 11241100x8000000000000000752513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e71cba56c328f2021-12-20 15:53:24.924root 11241100x8000000000000000752514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af0df5f6660d01f2021-12-20 15:53:24.925root 11241100x8000000000000000752515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2e4526b066a502021-12-20 15:53:24.925root 11241100x8000000000000000752516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184c6633e7afa3512021-12-20 15:53:24.925root 11241100x8000000000000000752517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be83e3531a4fe012021-12-20 15:53:24.925root 11241100x8000000000000000752518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf31a2d6a07f481c2021-12-20 15:53:24.925root 11241100x8000000000000000752519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa481c8e7e341412021-12-20 15:53:24.925root 11241100x8000000000000000752520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a698880e3ba19bc72021-12-20 15:53:24.925root 11241100x8000000000000000752521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82856a38f2c5df0a2021-12-20 15:53:24.925root 11241100x8000000000000000752522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ef24fc6bd726e2021-12-20 15:53:24.926root 11241100x8000000000000000752523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856171385d34ac352021-12-20 15:53:24.926root 11241100x8000000000000000752524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e4a8d0075d7dbf2021-12-20 15:53:24.926root 11241100x8000000000000000752525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3f47e0aa1d52812021-12-20 15:53:24.926root 11241100x8000000000000000752526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4957ae6e8fd5c92021-12-20 15:53:24.926root 11241100x8000000000000000752527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dfac5eb4b8de42021-12-20 15:53:24.926root 11241100x8000000000000000752528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a2c1a13cac2492021-12-20 15:53:24.926root 11241100x8000000000000000752529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11844135c4bcf072021-12-20 15:53:24.926root 11241100x8000000000000000752530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b1c9ec3c92e3a2021-12-20 15:53:24.926root 11241100x8000000000000000752531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1beb2937d66ea3a2021-12-20 15:53:24.926root 11241100x8000000000000000752532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7809adf409c9c12021-12-20 15:53:24.927root 11241100x8000000000000000752533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565612d0c19efe992021-12-20 15:53:24.927root 11241100x8000000000000000752534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d60419e1f928742021-12-20 15:53:24.927root 11241100x8000000000000000752535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca433b0a412e951c2021-12-20 15:53:24.927root 11241100x8000000000000000752536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68604ddf4571df2c2021-12-20 15:53:24.927root 11241100x8000000000000000752537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a8484fc0f5aaf62021-12-20 15:53:24.927root 11241100x8000000000000000752538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5824ffa9e4f2e5b32021-12-20 15:53:24.927root 11241100x8000000000000000752539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e978bacb792652021-12-20 15:53:25.424root 11241100x8000000000000000752540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa1b4510daac822021-12-20 15:53:25.424root 11241100x8000000000000000752541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85159200167802e52021-12-20 15:53:25.424root 11241100x8000000000000000752542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3227aca99053c102021-12-20 15:53:25.424root 11241100x8000000000000000752543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7c2a71f760ac7c2021-12-20 15:53:25.425root 11241100x8000000000000000752544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6a2cd3aa16bba32021-12-20 15:53:25.425root 11241100x8000000000000000752545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e71756958746e22021-12-20 15:53:25.425root 11241100x8000000000000000752546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad23bb4f45e54882021-12-20 15:53:25.425root 11241100x8000000000000000752547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3737f797666f022021-12-20 15:53:25.425root 11241100x8000000000000000752548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a3a284f33370602021-12-20 15:53:25.425root 11241100x8000000000000000752549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67692f21b258d9d2021-12-20 15:53:25.425root 11241100x8000000000000000752550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c632fab7f718f82021-12-20 15:53:25.425root 11241100x8000000000000000752551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b896d77a5c7f492021-12-20 15:53:25.425root 11241100x8000000000000000752552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c00179ca2dfd492021-12-20 15:53:25.425root 11241100x8000000000000000752553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc02434ee8468e62021-12-20 15:53:25.425root 11241100x8000000000000000752554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a89324238194ed2021-12-20 15:53:25.426root 11241100x8000000000000000752555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829d30fdf65da3c2021-12-20 15:53:25.426root 11241100x8000000000000000752556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa2e58dc695a882021-12-20 15:53:25.426root 11241100x8000000000000000752557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25af0930808559d12021-12-20 15:53:25.426root 11241100x8000000000000000752558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721eba2eed1d59f2021-12-20 15:53:25.426root 11241100x8000000000000000752559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8ec29b9f428502021-12-20 15:53:25.426root 11241100x8000000000000000752560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470578aa2b5a475e2021-12-20 15:53:25.427root 11241100x8000000000000000752561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a17644171ad28d2021-12-20 15:53:25.427root 11241100x8000000000000000752562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9fb165d7ee39b2021-12-20 15:53:25.427root 11241100x8000000000000000752563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5eab4b4058cd55b2021-12-20 15:53:25.427root 11241100x8000000000000000752564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d90274f314fe8d2021-12-20 15:53:25.427root 11241100x8000000000000000752565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14100566535067ed2021-12-20 15:53:25.428root 11241100x8000000000000000752566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b203f04ba813d82021-12-20 15:53:25.428root 11241100x8000000000000000752567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14dc12f871eb1bf2021-12-20 15:53:25.924root 11241100x8000000000000000752568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a45c26e0dd3edd2021-12-20 15:53:25.925root 11241100x8000000000000000752569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6167d7162a75a8062021-12-20 15:53:25.925root 11241100x8000000000000000752570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613dca5222bd99682021-12-20 15:53:25.925root 11241100x8000000000000000752571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd2f1eb0a4fb1e2021-12-20 15:53:25.925root 11241100x8000000000000000752572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead6ba87024f047d2021-12-20 15:53:25.926root 11241100x8000000000000000752573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69788e643f29f4ab2021-12-20 15:53:25.926root 11241100x8000000000000000752574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb437b4bfc803ae2021-12-20 15:53:25.926root 11241100x8000000000000000752575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa934dd1fc6dff2021-12-20 15:53:25.926root 11241100x8000000000000000752576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc96f58fa2615b12021-12-20 15:53:25.926root 11241100x8000000000000000752577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3603db61f350c2d62021-12-20 15:53:25.927root 11241100x8000000000000000752578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd3d428d40e1d8e2021-12-20 15:53:25.927root 11241100x8000000000000000752579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a34ae2711a050d22021-12-20 15:53:25.927root 11241100x8000000000000000752580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35faf3fa7acc2e192021-12-20 15:53:25.928root 11241100x8000000000000000752581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c9aceb71c3372c2021-12-20 15:53:25.928root 11241100x8000000000000000752582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703fc5fb386d5e362021-12-20 15:53:25.928root 11241100x8000000000000000752583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f06e42073cb54f2021-12-20 15:53:25.928root 11241100x8000000000000000752584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4e0ae3aa6f8ef02021-12-20 15:53:25.928root 11241100x8000000000000000752585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34647edaf964b072021-12-20 15:53:25.928root 11241100x8000000000000000752586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32abd7aad7cf9fa2021-12-20 15:53:25.929root 11241100x8000000000000000752587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0553396af57b98372021-12-20 15:53:25.929root 11241100x8000000000000000752588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49fa2b8272777d2021-12-20 15:53:25.929root 11241100x8000000000000000752589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9921b005412ccb2021-12-20 15:53:25.929root 11241100x8000000000000000752590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366b70c34fb6e5be2021-12-20 15:53:25.929root 11241100x8000000000000000752591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6262eceea7bcc2021-12-20 15:53:25.929root 11241100x8000000000000000752592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f44556c8d57c17f2021-12-20 15:53:25.930root 11241100x8000000000000000752593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa535c890eda2b5a2021-12-20 15:53:25.930root 11241100x8000000000000000752594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59784c33bc5f302021-12-20 15:53:25.930root 11241100x8000000000000000752595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb46fef2db5f132021-12-20 15:53:26.424root 11241100x8000000000000000752596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f7a098146392b2021-12-20 15:53:26.424root 11241100x8000000000000000752597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0e8be2da95f0102021-12-20 15:53:26.424root 11241100x8000000000000000752598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060a61aa5d1d15e2021-12-20 15:53:26.425root 11241100x8000000000000000752599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601ce2a426fbbc82021-12-20 15:53:26.425root 11241100x8000000000000000752600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005be1ca9e9eb462021-12-20 15:53:26.425root 11241100x8000000000000000752601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da9d2661c3a9ff72021-12-20 15:53:26.425root 11241100x8000000000000000752602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c3683128a706b82021-12-20 15:53:26.425root 11241100x8000000000000000752603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee7d23443a13f12021-12-20 15:53:26.425root 11241100x8000000000000000752604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fdb29848133e02021-12-20 15:53:26.425root 11241100x8000000000000000752605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eef015fcf638f262021-12-20 15:53:26.425root 11241100x8000000000000000752606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e31a73b41d179512021-12-20 15:53:26.425root 11241100x8000000000000000752607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f320049d952316122021-12-20 15:53:26.426root 11241100x8000000000000000752608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738b813b690560302021-12-20 15:53:26.426root 11241100x8000000000000000752609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6243becabe18b8a2021-12-20 15:53:26.426root 11241100x8000000000000000752610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04d63afeff884322021-12-20 15:53:26.426root 11241100x8000000000000000752611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c76e3256c4e37d62021-12-20 15:53:26.426root 11241100x8000000000000000752612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908690696ed522d62021-12-20 15:53:26.426root 11241100x8000000000000000752613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5270b77d55172b2021-12-20 15:53:26.426root 11241100x8000000000000000752614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07228c5f22af74ec2021-12-20 15:53:26.426root 11241100x8000000000000000752615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46cd34709ee4472021-12-20 15:53:26.426root 11241100x8000000000000000752616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28232d0294d99d0f2021-12-20 15:53:26.426root 11241100x8000000000000000752617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b4afe2e78d3242021-12-20 15:53:26.427root 11241100x8000000000000000752618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ce5d5a881a24e2021-12-20 15:53:26.427root 11241100x8000000000000000752619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5bd6e3383aab62021-12-20 15:53:26.427root 11241100x8000000000000000752620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bad8b2693882052021-12-20 15:53:26.427root 11241100x8000000000000000752621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbd221a9ae4d24d2021-12-20 15:53:26.430root 11241100x8000000000000000752622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97403fd0cf25e3972021-12-20 15:53:26.430root 11241100x8000000000000000752623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d21265563ac11d2021-12-20 15:53:26.924root 11241100x8000000000000000752624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c2f9203c4811a72021-12-20 15:53:26.924root 11241100x8000000000000000752625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7242bff6f6a45342021-12-20 15:53:26.924root 11241100x8000000000000000752626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844caef5d35eab962021-12-20 15:53:26.925root 11241100x8000000000000000752627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed53099fcdafca22021-12-20 15:53:26.925root 11241100x8000000000000000752628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5103503842fe6d2021-12-20 15:53:26.925root 11241100x8000000000000000752629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e981a703b071342021-12-20 15:53:26.925root 11241100x8000000000000000752630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec746a6df70513032021-12-20 15:53:26.925root 11241100x8000000000000000752631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50439887c490eeb2021-12-20 15:53:26.925root 11241100x8000000000000000752632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bf23fca43b7a902021-12-20 15:53:26.925root 11241100x8000000000000000752633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb3f5d833d3c002021-12-20 15:53:26.925root 11241100x8000000000000000752634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ea60d813636f5c2021-12-20 15:53:26.925root 11241100x8000000000000000752635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366724a1c3c9f9f2021-12-20 15:53:26.925root 11241100x8000000000000000752636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57c048127b64b1c2021-12-20 15:53:26.925root 11241100x8000000000000000752637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd89bebe6778b0a2021-12-20 15:53:26.926root 11241100x8000000000000000752638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb908c27bce0afb2021-12-20 15:53:26.926root 11241100x8000000000000000752639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf073ef006b1972021-12-20 15:53:26.926root 11241100x8000000000000000752640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2e21e45f029e82021-12-20 15:53:26.926root 11241100x8000000000000000752641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421f4b012cb2b2f2021-12-20 15:53:26.926root 11241100x8000000000000000752642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04df18a4ed1bf4f2021-12-20 15:53:26.926root 11241100x8000000000000000752643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f898ba18b099be72021-12-20 15:53:26.926root 11241100x8000000000000000752644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d3ea59fef7a5a2021-12-20 15:53:26.926root 11241100x8000000000000000752645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1537d2faea33c852021-12-20 15:53:26.926root 11241100x8000000000000000752646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09bc8a4cb91425f2021-12-20 15:53:26.926root 11241100x8000000000000000752647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882e4289edebd1b2021-12-20 15:53:26.927root 11241100x8000000000000000752648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180573b7e72e9b442021-12-20 15:53:26.927root 11241100x8000000000000000752649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f949088af19c2a2021-12-20 15:53:26.927root 11241100x8000000000000000752650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2bdfebe7d258872021-12-20 15:53:26.927root 11241100x8000000000000000752651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7200d2bac20f5b2021-12-20 15:53:26.927root 11241100x8000000000000000752652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95c2ab648ba50a2021-12-20 15:53:26.927root 11241100x8000000000000000752653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250044d713aec2432021-12-20 15:53:27.424root 11241100x8000000000000000752654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3033deb88b06a3b2021-12-20 15:53:27.424root 11241100x8000000000000000752655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96adb70180757da2021-12-20 15:53:27.424root 11241100x8000000000000000752656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3085a144b3bb8092021-12-20 15:53:27.424root 11241100x8000000000000000752657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b3ce9586d4db752021-12-20 15:53:27.425root 11241100x8000000000000000752658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c9dd2d2fe8e4982021-12-20 15:53:27.425root 11241100x8000000000000000752659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40050eb6a1d91d9f2021-12-20 15:53:27.425root 11241100x8000000000000000752660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ebc0938861fc52021-12-20 15:53:27.425root 11241100x8000000000000000752661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338779019f1158542021-12-20 15:53:27.425root 11241100x8000000000000000752662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0942e323ee4e5a2021-12-20 15:53:27.425root 11241100x8000000000000000752663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2222c454547bae562021-12-20 15:53:27.425root 11241100x8000000000000000752664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b732d480bf416b8c2021-12-20 15:53:27.425root 11241100x8000000000000000752665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017322d8cc1f01d02021-12-20 15:53:27.425root 11241100x8000000000000000752666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ac8453f811f9f2021-12-20 15:53:27.425root 11241100x8000000000000000752667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545a61828fa8ec42021-12-20 15:53:27.425root 11241100x8000000000000000752668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e3d26bd1f0f862021-12-20 15:53:27.425root 11241100x8000000000000000752669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b6af4581aad3012021-12-20 15:53:27.426root 11241100x8000000000000000752670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c869df5d6f9bf7e2021-12-20 15:53:27.426root 11241100x8000000000000000752671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31f4856923b354b2021-12-20 15:53:27.426root 11241100x8000000000000000752672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6989dbf41e22df82021-12-20 15:53:27.426root 11241100x8000000000000000752673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0258552f849ec6df2021-12-20 15:53:27.426root 11241100x8000000000000000752674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e952595431d648c2021-12-20 15:53:27.426root 11241100x8000000000000000752675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58379ac44d7b16b72021-12-20 15:53:27.426root 11241100x8000000000000000752676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb16f9b58885abc2021-12-20 15:53:27.426root 11241100x8000000000000000752677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d338e1c8dcbed1b2021-12-20 15:53:27.426root 11241100x8000000000000000752678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29c3b4831f503442021-12-20 15:53:27.426root 11241100x8000000000000000752679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da1ba0e92fea0f22021-12-20 15:53:27.426root 11241100x8000000000000000752680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1d2fc48fc77242021-12-20 15:53:27.427root 11241100x8000000000000000752681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4545913182f1b7022021-12-20 15:53:27.427root 11241100x8000000000000000752682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f891feccd61bdd2021-12-20 15:53:27.924root 11241100x8000000000000000752683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dabe3f48355f572021-12-20 15:53:27.924root 11241100x8000000000000000752684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe3faa69a5f2222021-12-20 15:53:27.924root 11241100x8000000000000000752685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6613aa2f1f7810b2021-12-20 15:53:27.924root 11241100x8000000000000000752686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307312cfe4f42b12021-12-20 15:53:27.925root 11241100x8000000000000000752687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce3af256bf2786d2021-12-20 15:53:27.925root 11241100x8000000000000000752688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b592ecb0b1c87d92021-12-20 15:53:27.925root 11241100x8000000000000000752689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4992e6122e4c36b02021-12-20 15:53:27.925root 11241100x8000000000000000752690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75071cb6f7ede0882021-12-20 15:53:27.925root 11241100x8000000000000000752691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba22f664ed7176f2021-12-20 15:53:27.925root 11241100x8000000000000000752692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc68bbe83a8fafb2021-12-20 15:53:27.925root 11241100x8000000000000000752693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074526d64c899ff42021-12-20 15:53:27.925root 11241100x8000000000000000752694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e9d318e2bc4d12021-12-20 15:53:27.925root 11241100x8000000000000000752695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222a29004480373d2021-12-20 15:53:27.925root 11241100x8000000000000000752696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66043b0a3375d4b2021-12-20 15:53:27.925root 11241100x8000000000000000752697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f3fad3809ebee92021-12-20 15:53:27.926root 11241100x8000000000000000752698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed82d7f1f3e22f0b2021-12-20 15:53:27.926root 11241100x8000000000000000752699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033a9bb28d2225732021-12-20 15:53:27.926root 11241100x8000000000000000752700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b67375e532a0fe2021-12-20 15:53:27.926root 11241100x8000000000000000752701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13db164a0b4bfb422021-12-20 15:53:27.926root 11241100x8000000000000000752702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8c24ba6f963582021-12-20 15:53:27.927root 11241100x8000000000000000752703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bed45bfe77974a2021-12-20 15:53:27.927root 11241100x8000000000000000752704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9a8a4ae41e9c92021-12-20 15:53:27.927root 11241100x8000000000000000752705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9285399337c02ea82021-12-20 15:53:27.927root 11241100x8000000000000000752706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7dfaba4888b2b52021-12-20 15:53:27.928root 11241100x8000000000000000752707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18caa27e0f8284a82021-12-20 15:53:27.928root 11241100x8000000000000000752708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565ffb23d1eb0f812021-12-20 15:53:27.928root 11241100x8000000000000000752709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e9f464dae79842021-12-20 15:53:27.928root 354300x8000000000000000752710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.182{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51332-false10.0.1.12-8000- 11241100x8000000000000000752711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999838ab0f082b82021-12-20 15:53:28.183root 11241100x8000000000000000752712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7cae41642e7282021-12-20 15:53:28.183root 11241100x8000000000000000752713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab1d927cef3f64b2021-12-20 15:53:28.183root 11241100x8000000000000000752714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2458af5140e1782021-12-20 15:53:28.183root 11241100x8000000000000000752715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30083bd594f8a02021-12-20 15:53:28.183root 11241100x8000000000000000752716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a072d5f6588cd52021-12-20 15:53:28.183root 11241100x8000000000000000752717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a1c9d2ebec84bf2021-12-20 15:53:28.183root 11241100x8000000000000000752718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e2c317c4e52e32021-12-20 15:53:28.183root 11241100x8000000000000000752719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec8671b67fb9e62021-12-20 15:53:28.184root 11241100x8000000000000000752720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56626eee0cd0de502021-12-20 15:53:28.184root 11241100x8000000000000000752721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5401e61c83ed8402021-12-20 15:53:28.184root 11241100x8000000000000000752722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0164a89737b2882021-12-20 15:53:28.184root 11241100x8000000000000000752723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83c06079de2b68f2021-12-20 15:53:28.186root 11241100x8000000000000000752724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019601f1e1a31db62021-12-20 15:53:28.186root 11241100x8000000000000000752725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71909f2cdf0b7f22021-12-20 15:53:28.186root 11241100x8000000000000000752726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41879ac654c0482021-12-20 15:53:28.186root 11241100x8000000000000000752727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218e178c33da41fd2021-12-20 15:53:28.186root 11241100x8000000000000000752728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab205cffca4a9422021-12-20 15:53:28.186root 11241100x8000000000000000752729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28146a20bbc920982021-12-20 15:53:28.186root 11241100x8000000000000000752730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8cfbd3f5dcf5d2021-12-20 15:53:28.186root 11241100x8000000000000000752731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9826601f6b0d8d442021-12-20 15:53:28.186root 11241100x8000000000000000752732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22fb57d045b9e62021-12-20 15:53:28.186root 11241100x8000000000000000752733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c1feb821db59a32021-12-20 15:53:28.186root 11241100x8000000000000000752734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a442edcdce845b2021-12-20 15:53:28.186root 11241100x8000000000000000752735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4a9d8f98ebd0c2021-12-20 15:53:28.187root 11241100x8000000000000000752736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc6607dff208a22021-12-20 15:53:28.187root 11241100x8000000000000000752737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd0a93a2fb636cd2021-12-20 15:53:28.188root 11241100x8000000000000000752738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30da345442a29b52021-12-20 15:53:28.188root 11241100x8000000000000000752739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96a0e8f7a8b6fbb2021-12-20 15:53:28.188root 11241100x8000000000000000752740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac37f00de7605362021-12-20 15:53:28.188root 11241100x8000000000000000752741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750c104e41b17a1e2021-12-20 15:53:28.675root 11241100x8000000000000000752742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f837e4ee6d79ca502021-12-20 15:53:28.675root 11241100x8000000000000000752743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dd96a3c5be779d2021-12-20 15:53:28.675root 11241100x8000000000000000752744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b381c7e93624f2021-12-20 15:53:28.675root 11241100x8000000000000000752745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2270a5684d5c6ba2021-12-20 15:53:28.675root 11241100x8000000000000000752746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f4d164c880684f2021-12-20 15:53:28.675root 11241100x8000000000000000752747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9912d91715a63f7b2021-12-20 15:53:28.675root 11241100x8000000000000000752748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0db58f8f49d57c2021-12-20 15:53:28.675root 11241100x8000000000000000752749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54b7960798a0ba2021-12-20 15:53:28.675root 11241100x8000000000000000752750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859629e2a09b5e022021-12-20 15:53:28.676root 11241100x8000000000000000752751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0f67768066c2a2021-12-20 15:53:28.676root 11241100x8000000000000000752752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975787537a01a6342021-12-20 15:53:28.676root 11241100x8000000000000000752753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ba2cb5d7a486e2021-12-20 15:53:28.676root 11241100x8000000000000000752754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571290584cb0cb702021-12-20 15:53:28.676root 11241100x8000000000000000752755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0036ae6bff72032021-12-20 15:53:28.676root 11241100x8000000000000000752756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499d046c389f3022021-12-20 15:53:28.676root 11241100x8000000000000000752757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6d1d5aee82f0142021-12-20 15:53:28.676root 11241100x8000000000000000752758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312b11fbbda46062021-12-20 15:53:28.676root 11241100x8000000000000000752759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f279cd57470ed2021-12-20 15:53:28.676root 11241100x8000000000000000752760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee39279ce25f7952021-12-20 15:53:28.676root 11241100x8000000000000000752761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb357affe00d11592021-12-20 15:53:28.676root 11241100x8000000000000000752762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d969e1e3ac109232021-12-20 15:53:28.676root 11241100x8000000000000000752763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5125fdb262f5226a2021-12-20 15:53:28.676root 11241100x8000000000000000752764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706a330b39534aa02021-12-20 15:53:28.676root 11241100x8000000000000000752765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a660946bd38f5252021-12-20 15:53:28.676root 11241100x8000000000000000752766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05de47b08336f52021-12-20 15:53:28.677root 11241100x8000000000000000752767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a257eaa48ec5b4bd2021-12-20 15:53:28.677root 11241100x8000000000000000752768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f82417b32bcc5fe2021-12-20 15:53:28.677root 11241100x8000000000000000752769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb24bf96b6818a52021-12-20 15:53:28.677root 11241100x8000000000000000752770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2073660089c490f2021-12-20 15:53:29.175root 11241100x8000000000000000752771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7806e5a530b576c92021-12-20 15:53:29.175root 11241100x8000000000000000752772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800cdce2f286ad1b2021-12-20 15:53:29.175root 11241100x8000000000000000752773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6aff639b4abc112021-12-20 15:53:29.176root 11241100x8000000000000000752774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9e592d5da5095b2021-12-20 15:53:29.176root 11241100x8000000000000000752775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bade9e06dec424122021-12-20 15:53:29.176root 11241100x8000000000000000752776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b151a4c811137c82021-12-20 15:53:29.176root 11241100x8000000000000000752777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f8ab65371b974f2021-12-20 15:53:29.176root 11241100x8000000000000000752778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67fa988528133b72021-12-20 15:53:29.176root 11241100x8000000000000000752779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778149f9ead75e912021-12-20 15:53:29.176root 11241100x8000000000000000752780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec860189e22854e2021-12-20 15:53:29.176root 11241100x8000000000000000752781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5ab5021f72b4be2021-12-20 15:53:29.176root 11241100x8000000000000000752782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b91ee9a7a9b11dd2021-12-20 15:53:29.176root 11241100x8000000000000000752783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe4d997e371df92021-12-20 15:53:29.176root 11241100x8000000000000000752784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b4d2b269655cb32021-12-20 15:53:29.176root 11241100x8000000000000000752785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f88a6254c3d5222021-12-20 15:53:29.176root 11241100x8000000000000000752786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b5aef4ffe53bc52021-12-20 15:53:29.176root 11241100x8000000000000000752787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6e22235006a662021-12-20 15:53:29.177root 11241100x8000000000000000752788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68749dd1c599ab02021-12-20 15:53:29.178root 11241100x8000000000000000752789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808af83a13f08482021-12-20 15:53:29.178root 11241100x8000000000000000752790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689860c77dc22c1f2021-12-20 15:53:29.178root 11241100x8000000000000000752791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b59fdc2fb3b1f62021-12-20 15:53:29.178root 11241100x8000000000000000752792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0abb6a08b0d8ac2021-12-20 15:53:29.178root 11241100x8000000000000000752793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591acd93ec246a972021-12-20 15:53:29.178root 11241100x8000000000000000752794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff70eb3fd4ec8ed2021-12-20 15:53:29.178root 11241100x8000000000000000752795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9c92bb9af00de42021-12-20 15:53:29.178root 11241100x8000000000000000752796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499faf171cd456b2021-12-20 15:53:29.178root 11241100x8000000000000000752797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c71b225dffd7262021-12-20 15:53:29.178root 11241100x8000000000000000752798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d909a196ea1bf31b2021-12-20 15:53:29.178root 11241100x8000000000000000752799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#stateD2aW2s2021-12-20 15:53:29.312systemd-network 534500x8000000000000000752800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkdsystemd-network 11241100x8000000000000000752801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2jlUN7c2021-12-20 15:53:29.312systemd-network 11241100x8000000000000000752802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#2X0aGcX2021-12-20 15:53:29.312systemd-network 11241100x8000000000000000752803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#stateX8oChH2021-12-20 15:53:29.313systemd-network 11241100x8000000000000000752804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2t7szmr2021-12-20 15:53:29.313systemd-network 11241100x8000000000000000752805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#2XJZwrb2021-12-20 15:53:29.313systemd-network 354300x8000000000000000752806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67ae-61c0-7096-73f97d550000}538/lib/systemd/systemd-timesyncdsystemd-timesyncudptruefalse10.0.1.25-53064-false169.254.169.123-123- 11241100x8000000000000000752807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confmJSoOJ2021-12-20 15:53:29.313systemd-resolve 11241100x8000000000000000752808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confY1CpTt2021-12-20 15:53:29.313systemd-resolve 11241100x8000000000000000752809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.314{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confyCYzYd2021-12-20 15:53:29.314systemd-resolve 11241100x8000000000000000752810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.314{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confuIDK3X2021-12-20 15:53:29.314systemd-resolve 11241100x8000000000000000752811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1919bfcdee28fc2021-12-20 15:53:29.676root 11241100x8000000000000000752812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f24807baa959552021-12-20 15:53:29.676root 11241100x8000000000000000752813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9586ed41bd64052021-12-20 15:53:29.676root 11241100x8000000000000000752814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acf678684b7da182021-12-20 15:53:29.676root 11241100x8000000000000000752815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6116b31bfcf277b2021-12-20 15:53:29.676root 11241100x8000000000000000752816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589cfcdcb5683ea92021-12-20 15:53:29.676root 11241100x8000000000000000752817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b94593a280607c2021-12-20 15:53:29.676root 11241100x8000000000000000752818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59341664faba322021-12-20 15:53:29.676root 11241100x8000000000000000752819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd30aa6cdcd7012021-12-20 15:53:29.676root 11241100x8000000000000000752820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f708ebba08533d712021-12-20 15:53:29.676root 11241100x8000000000000000752821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfeb2c917d52c672021-12-20 15:53:29.676root 11241100x8000000000000000752822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27403862dd3f39372021-12-20 15:53:29.676root 11241100x8000000000000000752823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198c69b61694440d2021-12-20 15:53:29.677root 11241100x8000000000000000752824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c3611cd97b28f2021-12-20 15:53:29.677root 11241100x8000000000000000752825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58a1c9a97b458d72021-12-20 15:53:29.677root 11241100x8000000000000000752826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabfa563214d02e22021-12-20 15:53:29.677root 11241100x8000000000000000752827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a854c3b956690632021-12-20 15:53:29.677root 11241100x8000000000000000752828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a9b9ce712eb0732021-12-20 15:53:29.677root 11241100x8000000000000000752829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cc2b9a63298e3c2021-12-20 15:53:29.677root 11241100x8000000000000000752830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3add83e3357d3e2021-12-20 15:53:29.677root 11241100x8000000000000000752831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff6696a829e529b2021-12-20 15:53:29.677root 11241100x8000000000000000752832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c64ece06ff34832021-12-20 15:53:29.677root 11241100x8000000000000000752833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550682b35ae5b4032021-12-20 15:53:29.677root 11241100x8000000000000000752834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f968a8c481224862021-12-20 15:53:29.677root 11241100x8000000000000000752835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdbac86f0dad1622021-12-20 15:53:29.677root 11241100x8000000000000000752836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb6c8bf83db6a8e2021-12-20 15:53:29.677root 11241100x8000000000000000752837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e463afdc95e0a22021-12-20 15:53:29.678root 11241100x8000000000000000752838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3939208b9391f87c2021-12-20 15:53:29.678root 11241100x8000000000000000752839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def80024600ec3e82021-12-20 15:53:29.678root 11241100x8000000000000000752840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56895414ce0fb2d2021-12-20 15:53:29.678root 11241100x8000000000000000752841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2930ac3672b1d2021-12-20 15:53:29.678root 11241100x8000000000000000752842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9adafe17122ae2021-12-20 15:53:29.678root 11241100x8000000000000000752843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd654f106887fd112021-12-20 15:53:29.678root 11241100x8000000000000000752844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05385c43507e44182021-12-20 15:53:29.678root 11241100x8000000000000000752845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e732da393a72afb2021-12-20 15:53:29.678root 11241100x8000000000000000752846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a202a82b902c2792021-12-20 15:53:29.679root 11241100x8000000000000000752847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dcc77d30fefcd32021-12-20 15:53:29.679root 11241100x8000000000000000752848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74228aab4cf6769a2021-12-20 15:53:29.679root 11241100x8000000000000000752849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d9d13f0fa59de2021-12-20 15:53:29.679root 11241100x8000000000000000752850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1837d314ec57512021-12-20 15:53:29.679root 11241100x8000000000000000752851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee650f5c5cd449e2021-12-20 15:53:29.679root 11241100x8000000000000000752852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e66ce168c8cf912021-12-20 15:53:30.175root 11241100x8000000000000000752853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c178cfab3f089f2021-12-20 15:53:30.176root 11241100x8000000000000000752854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4551a837df07782021-12-20 15:53:30.176root 11241100x8000000000000000752855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe0e3f8f2fad9892021-12-20 15:53:30.176root 11241100x8000000000000000752856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c1d6d6476465d2021-12-20 15:53:30.176root 11241100x8000000000000000752857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39074e913b7e583c2021-12-20 15:53:30.176root 11241100x8000000000000000752858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e84b2785f132aa2021-12-20 15:53:30.176root 11241100x8000000000000000752859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67425de757c2bb5b2021-12-20 15:53:30.176root 11241100x8000000000000000752860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3c07885fab69d2021-12-20 15:53:30.176root 11241100x8000000000000000752861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1c62fd65f327ca2021-12-20 15:53:30.176root 11241100x8000000000000000752862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f47f231fdc6bc6e2021-12-20 15:53:30.176root 11241100x8000000000000000752863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c994cc13b9b918ff2021-12-20 15:53:30.176root 11241100x8000000000000000752864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8fa2a4603ba762021-12-20 15:53:30.176root 11241100x8000000000000000752865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ea7667b3795252021-12-20 15:53:30.176root 11241100x8000000000000000752866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2817b18d3809bc2021-12-20 15:53:30.176root 11241100x8000000000000000752867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0a8c18bbd924162021-12-20 15:53:30.176root 11241100x8000000000000000752868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186f6a3fa70399832021-12-20 15:53:30.177root 11241100x8000000000000000752869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad7734ba721f012021-12-20 15:53:30.177root 11241100x8000000000000000752870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6822f008968e8a8c2021-12-20 15:53:30.177root 11241100x8000000000000000752871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfea85131bb817e2021-12-20 15:53:30.177root 11241100x8000000000000000752872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7570c87d84c802b2021-12-20 15:53:30.177root 11241100x8000000000000000752873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb29e907c131d6b2021-12-20 15:53:30.177root 11241100x8000000000000000752874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca608d2b7e7a0c12021-12-20 15:53:30.177root 11241100x8000000000000000752875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e215563b836bf0e2021-12-20 15:53:30.177root 11241100x8000000000000000752876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7d5f220d0b02632021-12-20 15:53:30.177root 11241100x8000000000000000752877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce646d2e10e9b3d2021-12-20 15:53:30.178root 11241100x8000000000000000752878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6bbf5c5f5a1252021-12-20 15:53:30.178root 11241100x8000000000000000752879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edbc6ab83886e42021-12-20 15:53:30.178root 11241100x8000000000000000752880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e24bf823aea8d92021-12-20 15:53:30.178root 11241100x8000000000000000752881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a385545aa60802021-12-20 15:53:30.178root 11241100x8000000000000000752882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f53a0a42b07a172021-12-20 15:53:30.178root 11241100x8000000000000000752883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd1ba5860a5e14a2021-12-20 15:53:30.178root 11241100x8000000000000000752884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cde073a3526112021-12-20 15:53:30.178root 11241100x8000000000000000752885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12987ac5ae46990c2021-12-20 15:53:30.178root 11241100x8000000000000000752886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1364b551c0c36512021-12-20 15:53:30.178root 11241100x8000000000000000752887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745afb8102524762021-12-20 15:53:30.178root 11241100x8000000000000000752888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f249622e96e54ae2021-12-20 15:53:30.178root 11241100x8000000000000000752889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bf97fe6a530ec32021-12-20 15:53:30.178root 11241100x8000000000000000752890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa610763a4e343b92021-12-20 15:53:30.178root 11241100x8000000000000000752891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca97fa26422b6462021-12-20 15:53:30.178root 11241100x8000000000000000752892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7027d51f4fd3d32021-12-20 15:53:30.179root 11241100x8000000000000000752893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bca988af6bb55792021-12-20 15:53:30.675root 11241100x8000000000000000752894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0f13519b1aa5d2021-12-20 15:53:30.676root 11241100x8000000000000000752895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1867dbf15755cdb2021-12-20 15:53:30.676root 11241100x8000000000000000752896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87624ee3275ed8e2021-12-20 15:53:30.676root 11241100x8000000000000000752897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb98055b366a42f92021-12-20 15:53:30.676root 11241100x8000000000000000752898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3311e85899ce28d2021-12-20 15:53:30.676root 11241100x8000000000000000752899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4855cca03ef242021-12-20 15:53:30.676root 11241100x8000000000000000752900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c200e1bdfc5e552021-12-20 15:53:30.676root 11241100x8000000000000000752901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da90d65825d2222021-12-20 15:53:30.676root 11241100x8000000000000000752902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0940183e25ffbc82021-12-20 15:53:30.676root 11241100x8000000000000000752903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87390a41da25b38e2021-12-20 15:53:30.676root 11241100x8000000000000000752904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8af1c60859222842021-12-20 15:53:30.676root 11241100x8000000000000000752905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a9c30190cfc9962021-12-20 15:53:30.677root 11241100x8000000000000000752906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa29fcd4a949bd82021-12-20 15:53:30.677root 11241100x8000000000000000752907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60200608aeabe92021-12-20 15:53:30.677root 11241100x8000000000000000752908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd6e7a86912d3c2021-12-20 15:53:30.677root 11241100x8000000000000000752909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a724214d63ae7b2021-12-20 15:53:30.677root 11241100x8000000000000000752910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dba7c5e5ce05db2021-12-20 15:53:30.677root 11241100x8000000000000000752911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfed3a37393d0a92021-12-20 15:53:30.677root 11241100x8000000000000000752912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1a90178abaf612021-12-20 15:53:30.677root 11241100x8000000000000000752913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c17c5369cb9a42021-12-20 15:53:30.677root 11241100x8000000000000000752914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb69159cdb0e1c7b2021-12-20 15:53:30.677root 11241100x8000000000000000752915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44d1d4bc690898a2021-12-20 15:53:30.677root 11241100x8000000000000000752916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9f77fbb60475e2021-12-20 15:53:30.678root 11241100x8000000000000000752917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af3a10a50099c362021-12-20 15:53:30.678root 11241100x8000000000000000752918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccd25bfafb04b62021-12-20 15:53:30.678root 11241100x8000000000000000752919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9666abf26868982e2021-12-20 15:53:30.678root 11241100x8000000000000000752920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9caedf0bafd25d2021-12-20 15:53:30.678root 11241100x8000000000000000752921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cf9cb5f49c36172021-12-20 15:53:30.678root 11241100x8000000000000000752922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21da806bdd3500602021-12-20 15:53:30.678root 11241100x8000000000000000752923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35fb27bf2102d32021-12-20 15:53:30.678root 11241100x8000000000000000752924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598289b5fea8ea32021-12-20 15:53:30.678root 11241100x8000000000000000752925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607c57c78bd4fe52021-12-20 15:53:30.678root 11241100x8000000000000000752926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ede0fd140ac8c62021-12-20 15:53:30.678root 11241100x8000000000000000752927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4c722aad2555c2021-12-20 15:53:30.678root 11241100x8000000000000000752928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a063ce9f4358363b2021-12-20 15:53:30.679root 11241100x8000000000000000752929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b2fd17344ce7e82021-12-20 15:53:30.679root 11241100x8000000000000000752930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5261b7b015d8fa12021-12-20 15:53:30.679root 11241100x8000000000000000752931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43524ad79eea3aa2021-12-20 15:53:30.679root 11241100x8000000000000000752932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2f257fffcd07db2021-12-20 15:53:30.679root 11241100x8000000000000000752933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908b5ddef0b700812021-12-20 15:53:30.679root 11241100x8000000000000000752934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c92a7c155538b12021-12-20 15:53:31.175root 11241100x8000000000000000752935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c47be7de9517642021-12-20 15:53:31.175root 11241100x8000000000000000752936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d72682791aa6d12021-12-20 15:53:31.176root 11241100x8000000000000000752937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d54a0be294a2bef2021-12-20 15:53:31.176root 11241100x8000000000000000752938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f245e13bdfc2422021-12-20 15:53:31.176root 11241100x8000000000000000752939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21ad3593bec1ba2021-12-20 15:53:31.176root 11241100x8000000000000000752940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16e63108fbc45fe2021-12-20 15:53:31.176root 11241100x8000000000000000752941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098cf8d6da395eb2021-12-20 15:53:31.176root 11241100x8000000000000000752942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bafde0aeb078bc2021-12-20 15:53:31.176root 11241100x8000000000000000752943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb426ad720ea12c2021-12-20 15:53:31.176root 11241100x8000000000000000752944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ce732f51cb20782021-12-20 15:53:31.176root 11241100x8000000000000000752945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e65e29c11ac2d2021-12-20 15:53:31.176root 11241100x8000000000000000752946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cac9772c4a2a3f72021-12-20 15:53:31.176root 11241100x8000000000000000752947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04611827db968c242021-12-20 15:53:31.176root 11241100x8000000000000000752948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200cbf95ff1168c2021-12-20 15:53:31.176root 11241100x8000000000000000752949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6f9353d0267882021-12-20 15:53:31.176root 11241100x8000000000000000752950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5b6ac2df6016972021-12-20 15:53:31.176root 11241100x8000000000000000752951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8471089ea22566842021-12-20 15:53:31.176root 11241100x8000000000000000752952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbf4781375c6a2e2021-12-20 15:53:31.177root 11241100x8000000000000000752953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c010fc986971b2021-12-20 15:53:31.177root 11241100x8000000000000000752954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319830e194ca62942021-12-20 15:53:31.177root 11241100x8000000000000000752955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c3808d06121562021-12-20 15:53:31.177root 11241100x8000000000000000752956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef8a497710d418a2021-12-20 15:53:31.177root 11241100x8000000000000000752957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b74961634478d3c2021-12-20 15:53:31.177root 11241100x8000000000000000752958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d055a81149f1fc72021-12-20 15:53:31.177root 11241100x8000000000000000752959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f30158a896021f12021-12-20 15:53:31.177root 11241100x8000000000000000752960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1ac93785e60cc12021-12-20 15:53:31.177root 11241100x8000000000000000752961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41b9f6d51990452021-12-20 15:53:31.177root 11241100x8000000000000000752962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15cbf0550b20af62021-12-20 15:53:31.177root 11241100x8000000000000000752963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46803f8d4f2451202021-12-20 15:53:31.177root 11241100x8000000000000000752964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0514935d78db4b82021-12-20 15:53:31.177root 11241100x8000000000000000752965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4f43f50db46fc2021-12-20 15:53:31.177root 11241100x8000000000000000752966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf0a73f7554119f2021-12-20 15:53:31.177root 11241100x8000000000000000752967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea964346b544c592021-12-20 15:53:31.177root 11241100x8000000000000000752968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d6d6b16e0b54bc2021-12-20 15:53:31.178root 11241100x8000000000000000752969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f2da7533a09362021-12-20 15:53:31.178root 11241100x8000000000000000752970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eb367534d1f8e92021-12-20 15:53:31.178root 11241100x8000000000000000752971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c09e090accba612021-12-20 15:53:31.178root 11241100x8000000000000000752972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcdcd93767853202021-12-20 15:53:31.178root 11241100x8000000000000000752973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cee3ef2a37b4ef2021-12-20 15:53:31.178root 11241100x8000000000000000752974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5efbad8b107772021-12-20 15:53:31.178root 11241100x8000000000000000752975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f995c09427e562021-12-20 15:53:31.674root 11241100x8000000000000000752976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c50113f96d01a392021-12-20 15:53:31.674root 11241100x8000000000000000752977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd3c7632ce13cb62021-12-20 15:53:31.674root 11241100x8000000000000000752978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8237c3aad19a982021-12-20 15:53:31.674root 11241100x8000000000000000752979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a9fc463739c1ec2021-12-20 15:53:31.674root 11241100x8000000000000000752980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b28cb3539248dc52021-12-20 15:53:31.674root 11241100x8000000000000000752981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651aeebe6812c2f62021-12-20 15:53:31.674root 11241100x8000000000000000752982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f8b027e6275c862021-12-20 15:53:31.674root 11241100x8000000000000000752983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325055d54d0a55ad2021-12-20 15:53:31.674root 11241100x8000000000000000752984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf27b649b28431b2021-12-20 15:53:31.675root 11241100x8000000000000000752985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b612ad80584ef2021-12-20 15:53:31.675root 11241100x8000000000000000752986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4692fb30cdcc3532021-12-20 15:53:31.675root 11241100x8000000000000000752987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d21d7edda610022021-12-20 15:53:31.675root 11241100x8000000000000000752988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6845a21b524d482021-12-20 15:53:31.675root 11241100x8000000000000000752989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36011646e33f4732021-12-20 15:53:31.675root 11241100x8000000000000000752990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa028bad0a3d1522021-12-20 15:53:31.675root 11241100x8000000000000000752991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eebd260813ee6e2021-12-20 15:53:31.675root 11241100x8000000000000000752992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d62b96155ba8c512021-12-20 15:53:31.675root 11241100x8000000000000000752993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c37103bccfa5902021-12-20 15:53:31.675root 11241100x8000000000000000752994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3726007bb2037c222021-12-20 15:53:31.676root 11241100x8000000000000000752995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90eeddeb062f312021-12-20 15:53:31.676root 11241100x8000000000000000752996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109874d4a78ad252021-12-20 15:53:31.676root 11241100x8000000000000000752997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb5ddf2d5712f002021-12-20 15:53:31.676root 11241100x8000000000000000752998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e92e2f321204352021-12-20 15:53:31.676root 11241100x8000000000000000752999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f37c917a5bfb9ea2021-12-20 15:53:31.676root 11241100x8000000000000000753000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c95d9ed25ce2032021-12-20 15:53:31.676root 11241100x8000000000000000753001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef62cb88e8385102021-12-20 15:53:31.676root 11241100x8000000000000000753002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704b66248d15e0bc2021-12-20 15:53:31.676root 11241100x8000000000000000753003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7966028b431f2c2021-12-20 15:53:31.677root 11241100x8000000000000000753004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae4a4f272a174ae2021-12-20 15:53:31.677root 11241100x8000000000000000753005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47deaf7c0f92762021-12-20 15:53:31.677root 11241100x8000000000000000753006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bc51ca6f700e72021-12-20 15:53:31.677root 11241100x8000000000000000753007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af9653bb5e580072021-12-20 15:53:31.677root 11241100x8000000000000000753008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3618ab5d3e21152021-12-20 15:53:31.678root 11241100x8000000000000000753009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce83cbe97d40c002021-12-20 15:53:31.678root 11241100x8000000000000000753010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2854507dc2bb5b72021-12-20 15:53:31.678root 11241100x8000000000000000753011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa155d3a17b8ba892021-12-20 15:53:31.678root 11241100x8000000000000000753012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d419f0d84ce502021-12-20 15:53:31.678root 11241100x8000000000000000753013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef85b177baa509882021-12-20 15:53:31.678root 11241100x8000000000000000753014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a72352bcfb945d02021-12-20 15:53:31.678root 11241100x8000000000000000753015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6de53fbe5870af2021-12-20 15:53:31.678root 11241100x8000000000000000753016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d90ea2b1f307032021-12-20 15:53:31.678root 11241100x8000000000000000753017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b85c33c78b04802021-12-20 15:53:31.678root 11241100x8000000000000000753018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ab35958cc128e82021-12-20 15:53:31.679root 11241100x8000000000000000753019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eba224ca4ab7002021-12-20 15:53:31.679root 11241100x8000000000000000753020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f3ab5c06935a302021-12-20 15:53:31.679root 11241100x8000000000000000753021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997e9852810265362021-12-20 15:53:31.679root 11241100x8000000000000000753022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a6e8d4789888342021-12-20 15:53:31.679root 11241100x8000000000000000753023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f63838e500a60222021-12-20 15:53:31.679root 11241100x8000000000000000753024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d70fc232caa41142021-12-20 15:53:31.679root 11241100x8000000000000000753025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5604644eb14dd8e2021-12-20 15:53:31.679root 11241100x8000000000000000753026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14406d94dc9920b22021-12-20 15:53:31.679root 11241100x8000000000000000753027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ea3f8237858c82021-12-20 15:53:31.679root 11241100x8000000000000000753028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29817d7bfdc818492021-12-20 15:53:31.679root 11241100x8000000000000000753029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a933ebe799574ba72021-12-20 15:53:31.679root 11241100x8000000000000000753030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a39ff6eeba17ca2021-12-20 15:53:31.679root 11241100x8000000000000000753031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde281f8a265a782021-12-20 15:53:31.680root 11241100x8000000000000000753032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a182c72bffa99e52021-12-20 15:53:31.680root 11241100x8000000000000000753033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3d67a8a8e63dcf2021-12-20 15:53:31.680root 11241100x8000000000000000753034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bbb480eea5eb902021-12-20 15:53:31.680root 11241100x8000000000000000753035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a21cd7c484acd2021-12-20 15:53:32.174root 11241100x8000000000000000753036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82fe043d5167fe32021-12-20 15:53:32.174root 11241100x8000000000000000753037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9551db77af7ceb72021-12-20 15:53:32.174root 11241100x8000000000000000753038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e9609b86286b212021-12-20 15:53:32.174root 11241100x8000000000000000753039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d72625afbfb25b2021-12-20 15:53:32.174root 11241100x8000000000000000753040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14eab19473db9c2021-12-20 15:53:32.174root 11241100x8000000000000000753041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f31a6b56054d432021-12-20 15:53:32.174root 11241100x8000000000000000753042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e669aeed8a4b3d962021-12-20 15:53:32.174root 11241100x8000000000000000753043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b648b47b2c7302f2021-12-20 15:53:32.174root 11241100x8000000000000000753044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de5439181808b32021-12-20 15:53:32.174root 11241100x8000000000000000753045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc93875995a977d2021-12-20 15:53:32.174root 11241100x8000000000000000753046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bece8b9d2eb7a592021-12-20 15:53:32.175root 11241100x8000000000000000753047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffed88d3521202e2021-12-20 15:53:32.175root 11241100x8000000000000000753048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b911607e347b32021-12-20 15:53:32.175root 11241100x8000000000000000753049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253ee8af715b7702021-12-20 15:53:32.175root 11241100x8000000000000000753050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff884596beaeb32021-12-20 15:53:32.175root 11241100x8000000000000000753051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cf866f2486b932021-12-20 15:53:32.175root 11241100x8000000000000000753052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf81c350ca31b462021-12-20 15:53:32.175root 11241100x8000000000000000753053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a5a98be5b195912021-12-20 15:53:32.175root 11241100x8000000000000000753054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250fc99f65c84c3f2021-12-20 15:53:32.175root 11241100x8000000000000000753055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d6802c4e485e6d2021-12-20 15:53:32.175root 11241100x8000000000000000753056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b298a171c118ef2021-12-20 15:53:32.175root 11241100x8000000000000000753057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1166136806258b692021-12-20 15:53:32.175root 11241100x8000000000000000753058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21633f45396fa12d2021-12-20 15:53:32.175root 11241100x8000000000000000753059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a48894045475c2021-12-20 15:53:32.175root 11241100x8000000000000000753060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16378a4392727d12021-12-20 15:53:32.175root 11241100x8000000000000000753061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e201a5571c2167e2021-12-20 15:53:32.175root 11241100x8000000000000000753062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e56569d460eb3b2021-12-20 15:53:32.175root 11241100x8000000000000000753063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113faa0d8aa27d602021-12-20 15:53:32.176root 11241100x8000000000000000753064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1420e623797025c82021-12-20 15:53:32.176root 11241100x8000000000000000753065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560a8f8f831998962021-12-20 15:53:32.176root 11241100x8000000000000000753066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87fc324b7f66eb02021-12-20 15:53:32.176root 11241100x8000000000000000753067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14563eb3650a67ec2021-12-20 15:53:32.176root 11241100x8000000000000000753068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c350fcb6ac852f322021-12-20 15:53:32.176root 11241100x8000000000000000753069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208ab0a453040892021-12-20 15:53:32.176root 11241100x8000000000000000753070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b6c9615735dbd2021-12-20 15:53:32.176root 11241100x8000000000000000753071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1a2a4e9b16f4e62021-12-20 15:53:32.176root 11241100x8000000000000000753072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e7764146f016f2021-12-20 15:53:32.176root 11241100x8000000000000000753073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfddb518f14d62482021-12-20 15:53:32.176root 11241100x8000000000000000753074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48330c26e2e8268f2021-12-20 15:53:32.176root 11241100x8000000000000000753075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8733c747e819b5792021-12-20 15:53:32.176root 11241100x8000000000000000753076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690ce5cf008ae5fe2021-12-20 15:53:32.176root 11241100x8000000000000000753077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6948631a140466832021-12-20 15:53:32.177root 11241100x8000000000000000753078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f30a439c17f1112021-12-20 15:53:32.177root 11241100x8000000000000000753079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab37afcce504622021-12-20 15:53:32.177root 11241100x8000000000000000753080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d44c760f51333d2021-12-20 15:53:32.177root 11241100x8000000000000000753081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ddf4c6746d4f432021-12-20 15:53:32.177root 11241100x8000000000000000753082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a283adc28ab7452021-12-20 15:53:32.177root 11241100x8000000000000000753083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a0ce487dded2922021-12-20 15:53:32.177root 11241100x8000000000000000753084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811521edb0e6e4702021-12-20 15:53:32.177root 11241100x8000000000000000753085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969239fb941451ae2021-12-20 15:53:32.675root 11241100x8000000000000000753086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100e8c629d43fb92021-12-20 15:53:32.675root 11241100x8000000000000000753087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62121d7039fe5692021-12-20 15:53:32.675root 11241100x8000000000000000753088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3942c7f973c425aa2021-12-20 15:53:32.675root 11241100x8000000000000000753089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824157844557904a2021-12-20 15:53:32.675root 11241100x8000000000000000753090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe9112e5a9c37e2021-12-20 15:53:32.675root 11241100x8000000000000000753091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa828f6f8a426faa2021-12-20 15:53:32.675root 11241100x8000000000000000753092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0747d8c0169e422c2021-12-20 15:53:32.675root 11241100x8000000000000000753093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13268d282ba02c8e2021-12-20 15:53:32.675root 11241100x8000000000000000753094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440148faf0fa76af2021-12-20 15:53:32.675root 11241100x8000000000000000753095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf97b936e8028e2021-12-20 15:53:32.676root 11241100x8000000000000000753096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e24adefa80f15a2021-12-20 15:53:32.676root 11241100x8000000000000000753097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7452723957574b8a2021-12-20 15:53:32.676root 11241100x8000000000000000753098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036be75fa39efbea2021-12-20 15:53:32.676root 11241100x8000000000000000753099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fea7d80719bd7b2021-12-20 15:53:32.676root 11241100x8000000000000000753100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c52f871f11cba32021-12-20 15:53:32.676root 11241100x8000000000000000753101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821f791682d550c62021-12-20 15:53:32.676root 11241100x8000000000000000753102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bfcc9ca452025b2021-12-20 15:53:32.676root 11241100x8000000000000000753103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f5582c95d5ae9d2021-12-20 15:53:32.676root 11241100x8000000000000000753104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78700e92f47e4fc2021-12-20 15:53:32.677root 11241100x8000000000000000753105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b06f2827084d82021-12-20 15:53:32.677root 11241100x8000000000000000753106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800ff79c14664f3c2021-12-20 15:53:32.677root 11241100x8000000000000000753107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96068b1480fca9572021-12-20 15:53:32.677root 11241100x8000000000000000753108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b05997cdcebbec2021-12-20 15:53:32.677root 11241100x8000000000000000753109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b978fcd13c95afe2021-12-20 15:53:32.677root 11241100x8000000000000000753110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9a9ec4ceebea32021-12-20 15:53:32.677root 11241100x8000000000000000753111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd88d1f540f8c622021-12-20 15:53:32.677root 11241100x8000000000000000753112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaed727e90e2f652021-12-20 15:53:32.677root 11241100x8000000000000000753113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d57f769e67274f2021-12-20 15:53:32.677root 11241100x8000000000000000753114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae597948c7db4f6c2021-12-20 15:53:32.677root 11241100x8000000000000000753115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adae89ef2d490d662021-12-20 15:53:32.677root 11241100x8000000000000000753116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8871a8b9f2422a972021-12-20 15:53:32.678root 11241100x8000000000000000753117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafdd55da904c1092021-12-20 15:53:32.678root 11241100x8000000000000000753118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6cca2bf9038dec2021-12-20 15:53:32.678root 11241100x8000000000000000753119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76e0b25d0416382021-12-20 15:53:32.678root 11241100x8000000000000000753120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b183a147bfafac92021-12-20 15:53:32.678root 11241100x8000000000000000753121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befa15fbfc5c11f42021-12-20 15:53:32.678root 11241100x8000000000000000753122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48966255f77be702021-12-20 15:53:32.678root 11241100x8000000000000000753123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f545e3af0ab40d352021-12-20 15:53:32.678root 11241100x8000000000000000753124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b72f58d77701f2021-12-20 15:53:32.678root 11241100x8000000000000000753125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779d0b6c55c13fd2021-12-20 15:53:32.678root 11241100x8000000000000000753126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d075043c00ea132021-12-20 15:53:32.678root 11241100x8000000000000000753127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336ce3542bd373ef2021-12-20 15:53:32.678root 11241100x8000000000000000753128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0909fb834f75ad042021-12-20 15:53:32.678root 11241100x8000000000000000753129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7630c9b77df33892021-12-20 15:53:32.679root 11241100x8000000000000000753130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f553e94f84745b02021-12-20 15:53:32.679root 11241100x8000000000000000753131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2768a9b709f168822021-12-20 15:53:32.679root 11241100x8000000000000000753132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6adde290e813a52021-12-20 15:53:32.679root 11241100x8000000000000000753133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c120cdf35028ce2021-12-20 15:53:33.174root 11241100x8000000000000000753134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e602ec9c4a0b6d2021-12-20 15:53:33.174root 11241100x8000000000000000753135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7868fb92ce5632432021-12-20 15:53:33.174root 11241100x8000000000000000753136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2f06a3378d3cf12021-12-20 15:53:33.175root 11241100x8000000000000000753137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f66c04cb0b37eda2021-12-20 15:53:33.175root 11241100x8000000000000000753138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661b01541f6438bd2021-12-20 15:53:33.175root 11241100x8000000000000000753139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed47059f9f907812021-12-20 15:53:33.175root 11241100x8000000000000000753140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f35a466776f632021-12-20 15:53:33.175root 11241100x8000000000000000753141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2f92d4dff1c2af2021-12-20 15:53:33.175root 11241100x8000000000000000753142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfaaa2b3f974032021-12-20 15:53:33.175root 11241100x8000000000000000753143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef9038b325dbfbb2021-12-20 15:53:33.175root 11241100x8000000000000000753144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ecbd859b51ee12021-12-20 15:53:33.175root 11241100x8000000000000000753145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec78ab70ceb4962021-12-20 15:53:33.176root 11241100x8000000000000000753146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52c5f2a57ffbad12021-12-20 15:53:33.176root 11241100x8000000000000000753147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ac7e6fb86d02ab2021-12-20 15:53:33.176root 11241100x8000000000000000753148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed302060c38b94a2021-12-20 15:53:33.176root 11241100x8000000000000000753149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48a0f4cd8a1adb52021-12-20 15:53:33.176root 11241100x8000000000000000753150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c0b79eaed6c4e82021-12-20 15:53:33.176root 11241100x8000000000000000753151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b287b2c712d8d92021-12-20 15:53:33.176root 11241100x8000000000000000753152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46319b8c94cdf21d2021-12-20 15:53:33.176root 11241100x8000000000000000753153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b38b3f3d24ac3e2021-12-20 15:53:33.176root 11241100x8000000000000000753154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8223fb36d49382021-12-20 15:53:33.176root 11241100x8000000000000000753155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49a57630da602af2021-12-20 15:53:33.177root 11241100x8000000000000000753156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7879277616384d2021-12-20 15:53:33.177root 11241100x8000000000000000753157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35e6ea6e2f1f742021-12-20 15:53:33.177root 11241100x8000000000000000753158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3d564f0e743f42021-12-20 15:53:33.177root 11241100x8000000000000000753159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d6f459721799a12021-12-20 15:53:33.177root 11241100x8000000000000000753160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662e2442f29371d02021-12-20 15:53:33.177root 11241100x8000000000000000753161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0962522b25f105a2021-12-20 15:53:33.177root 11241100x8000000000000000753162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad49d0b5360e44d32021-12-20 15:53:33.178root 11241100x8000000000000000753163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a34448b62f5f22021-12-20 15:53:33.178root 11241100x8000000000000000753164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc27503b1a9abe02021-12-20 15:53:33.178root 11241100x8000000000000000753165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9509ec1f7e671982021-12-20 15:53:33.178root 11241100x8000000000000000753166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad1bcffd71196da2021-12-20 15:53:33.178root 11241100x8000000000000000753167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fd173c37d9f2012021-12-20 15:53:33.178root 11241100x8000000000000000753168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab65358d86756e62021-12-20 15:53:33.178root 11241100x8000000000000000753169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ece71b0645fa8c2021-12-20 15:53:33.178root 11241100x8000000000000000753170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d62e691379ecfe2021-12-20 15:53:33.178root 11241100x8000000000000000753171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1bd32f933db8032021-12-20 15:53:33.178root 11241100x8000000000000000753172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8c81cdabc42b582021-12-20 15:53:33.179root 11241100x8000000000000000753173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0805281c2427a72021-12-20 15:53:33.179root 11241100x8000000000000000753174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500eabcec15903d2021-12-20 15:53:33.179root 11241100x8000000000000000753175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94a7b28acf663742021-12-20 15:53:33.179root 11241100x8000000000000000753176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899eca62f02102c2021-12-20 15:53:33.179root 11241100x8000000000000000753177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaafb3773b0359e2021-12-20 15:53:33.179root 11241100x8000000000000000753178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfcd53e0c7fa932021-12-20 15:53:33.179root 11241100x8000000000000000753179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b786da2a7898492021-12-20 15:53:33.179root 11241100x8000000000000000753180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da2876c4d9ddf72021-12-20 15:53:33.179root 11241100x8000000000000000753181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d045b4f3263e62021-12-20 15:53:33.179root 11241100x8000000000000000753182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c2684487851082021-12-20 15:53:33.180root 11241100x8000000000000000753183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e69c24116d7a32021-12-20 15:53:33.180root 11241100x8000000000000000753184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d94937718481172021-12-20 15:53:33.180root 11241100x8000000000000000753185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b92f15f4bae8b32021-12-20 15:53:33.674root 11241100x8000000000000000753186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bbab7e91b276132021-12-20 15:53:33.674root 11241100x8000000000000000753187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bce72d8318d91772021-12-20 15:53:33.674root 11241100x8000000000000000753188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e952445fc357f2021-12-20 15:53:33.674root 11241100x8000000000000000753189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7698c91639b1a1b2021-12-20 15:53:33.674root 11241100x8000000000000000753190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2202354cd5e7d882021-12-20 15:53:33.674root 11241100x8000000000000000753191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad2136d109620202021-12-20 15:53:33.674root 11241100x8000000000000000753192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7580689c904b1c2021-12-20 15:53:33.674root 11241100x8000000000000000753193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ca6898b9b8a2e92021-12-20 15:53:33.675root 11241100x8000000000000000753194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8608e365f2aae4802021-12-20 15:53:33.675root 11241100x8000000000000000753195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d789ebec78605482021-12-20 15:53:33.675root 11241100x8000000000000000753196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a61b71f4275ce812021-12-20 15:53:33.675root 11241100x8000000000000000753197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9388e6689502cdb42021-12-20 15:53:33.675root 11241100x8000000000000000753198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f4588b2facd7d12021-12-20 15:53:33.675root 11241100x8000000000000000753199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b48f8fd3588b52021-12-20 15:53:33.675root 11241100x8000000000000000753200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e711449eaa469a122021-12-20 15:53:33.675root 11241100x8000000000000000753201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe0d9fb27cdf6b2021-12-20 15:53:33.675root 11241100x8000000000000000753202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a19e2e745648112021-12-20 15:53:33.675root 11241100x8000000000000000753203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaf3e1ffa9875782021-12-20 15:53:33.676root 11241100x8000000000000000753204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776f0a31b08bdd72021-12-20 15:53:33.676root 11241100x8000000000000000753205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cca5561ec544db22021-12-20 15:53:33.676root 11241100x8000000000000000753206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238521dd00d7fe22021-12-20 15:53:33.676root 11241100x8000000000000000753207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770bc2001d124fa02021-12-20 15:53:33.676root 11241100x8000000000000000753208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f7df99d2a22faf2021-12-20 15:53:33.676root 11241100x8000000000000000753209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773196d0619e6f82021-12-20 15:53:33.676root 11241100x8000000000000000753210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4521c0da4ceaac2021-12-20 15:53:33.676root 11241100x8000000000000000753211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4369682263cef2021-12-20 15:53:33.676root 11241100x8000000000000000753212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1636266995912da62021-12-20 15:53:33.677root 11241100x8000000000000000753213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592728db44c38c52021-12-20 15:53:33.677root 11241100x8000000000000000753214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe757651bbf69f62021-12-20 15:53:33.677root 11241100x8000000000000000753215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe0aa0500c08e02021-12-20 15:53:33.678root 11241100x8000000000000000753216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0812a9eea6cfc4622021-12-20 15:53:33.678root 11241100x8000000000000000753217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd855ab71e5c5e332021-12-20 15:53:33.679root 11241100x8000000000000000753218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec8f750482ae1a2021-12-20 15:53:33.679root 11241100x8000000000000000753219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51afa24d0e3a2952021-12-20 15:53:33.679root 11241100x8000000000000000753220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2855fa2a4b8df52021-12-20 15:53:33.679root 11241100x8000000000000000753221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f230406238c4792021-12-20 15:53:33.679root 11241100x8000000000000000753222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914b94f0a2a5b002021-12-20 15:53:33.679root 11241100x8000000000000000753223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c73b053aa70e42021-12-20 15:53:33.680root 11241100x8000000000000000753224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b12e38dd1ba21e12021-12-20 15:53:33.681root 11241100x8000000000000000753225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ef13a283718ee2021-12-20 15:53:33.681root 11241100x8000000000000000753226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23ccfe329a9ad242021-12-20 15:53:33.682root 11241100x8000000000000000753227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4804b875400c29282021-12-20 15:53:33.682root 11241100x8000000000000000753228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b318d0292adb7d2021-12-20 15:53:33.682root 11241100x8000000000000000753229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f997aa202e233ced2021-12-20 15:53:33.682root 11241100x8000000000000000753230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c1e8f1a11d5992021-12-20 15:53:33.682root 11241100x8000000000000000753231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e6c130d1ea46782021-12-20 15:53:33.684root 11241100x8000000000000000753232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39ed24bf0bbc8b2021-12-20 15:53:33.684root 11241100x8000000000000000753233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4fa14099de133f2021-12-20 15:53:33.684root 11241100x8000000000000000753234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51da4b848a6a16c2021-12-20 15:53:33.684root 11241100x8000000000000000753235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6bf89528baaf1b2021-12-20 15:53:33.684root 11241100x8000000000000000753236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513bd8652b526552021-12-20 15:53:33.685root 11241100x8000000000000000753237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90aabb18316d2c62021-12-20 15:53:33.686root 11241100x8000000000000000753238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f594d5650aacce8d2021-12-20 15:53:33.686root 11241100x8000000000000000753239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db9b0f1f96c93e2021-12-20 15:53:33.686root 11241100x8000000000000000753240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca3d4bde759b73c2021-12-20 15:53:33.686root 11241100x8000000000000000753241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34e21c250ddc9842021-12-20 15:53:33.686root 11241100x8000000000000000753242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238a280b2a2bbf82021-12-20 15:53:33.686root 11241100x8000000000000000753243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fc299d1f0b87132021-12-20 15:53:33.686root 11241100x8000000000000000753244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31bafbe85f635362021-12-20 15:53:33.686root 11241100x8000000000000000753245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afd05a30275aaa32021-12-20 15:53:33.686root 11241100x8000000000000000753246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f001c988c4cd52021-12-20 15:53:33.686root 11241100x8000000000000000753247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a414471ab2b4c6462021-12-20 15:53:33.686root 11241100x8000000000000000753248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b911832de8b70b2021-12-20 15:53:33.686root 11241100x8000000000000000753249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1491e2584db00012021-12-20 15:53:33.688root 11241100x8000000000000000753250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fcf188b7206bbc2021-12-20 15:53:33.688root 11241100x8000000000000000753251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4747bb59bf976c5e2021-12-20 15:53:33.688root 11241100x8000000000000000753252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d7308f4b7559792021-12-20 15:53:33.689root 11241100x8000000000000000753253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61beead9c413f5bc2021-12-20 15:53:33.689root 11241100x8000000000000000753254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e02ded23a68fa2021-12-20 15:53:33.689root 11241100x8000000000000000753255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959b17102cb2b992021-12-20 15:53:33.689root 11241100x8000000000000000753256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290f51871900a622021-12-20 15:53:33.689root 11241100x8000000000000000753257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a66a7bea4facf9f2021-12-20 15:53:33.689root 11241100x8000000000000000753258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885ea077f71a0e92021-12-20 15:53:33.689root 11241100x8000000000000000753259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a724b966c3546032021-12-20 15:53:33.689root 11241100x8000000000000000753260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706130206f598f32021-12-20 15:53:33.692root 11241100x8000000000000000753261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94423031ea6bb1732021-12-20 15:53:33.692root 11241100x8000000000000000753262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e61651ff3c3cd2021-12-20 15:53:33.692root 11241100x8000000000000000753263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6743fec0c6426a52021-12-20 15:53:33.692root 11241100x8000000000000000753264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.693{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb2ef1f23738822021-12-20 15:53:33.693root 11241100x8000000000000000753265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.693{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9662e0f684d483962021-12-20 15:53:33.693root 354300x8000000000000000753266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.037{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51334-false10.0.1.12-8000- 11241100x8000000000000000753267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73f201abf1fd622021-12-20 15:53:34.038root 11241100x8000000000000000753268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6147527d13686552021-12-20 15:53:34.038root 11241100x8000000000000000753269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda499c675a5d9b82021-12-20 15:53:34.038root 11241100x8000000000000000753270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b2b0fff6249b232021-12-20 15:53:34.038root 11241100x8000000000000000753271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf8a748eaf07472021-12-20 15:53:34.038root 11241100x8000000000000000753272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae1e4e4732eeeb2021-12-20 15:53:34.038root 11241100x8000000000000000753273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e52b28c9189232021-12-20 15:53:34.039root 11241100x8000000000000000753274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5863c2b83947e442021-12-20 15:53:34.039root 11241100x8000000000000000753275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7078f317c415d2021-12-20 15:53:34.039root 11241100x8000000000000000753276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba4d5cc042d1df62021-12-20 15:53:34.039root 11241100x8000000000000000753277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d491a364122b5c2021-12-20 15:53:34.039root 11241100x8000000000000000753278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b2a583f3027222021-12-20 15:53:34.039root 11241100x8000000000000000753279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71b203169dc7b1f2021-12-20 15:53:34.039root 11241100x8000000000000000753280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88791d0e65b5d14b2021-12-20 15:53:34.039root 11241100x8000000000000000753281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b53f4414ceb26492021-12-20 15:53:34.039root 11241100x8000000000000000753282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d27797bd802aadd2021-12-20 15:53:34.039root 11241100x8000000000000000753283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a91b421bc5f1cf02021-12-20 15:53:34.039root 11241100x8000000000000000753284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d29db40197794f2021-12-20 15:53:34.039root 11241100x8000000000000000753285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49ece234a0e7862021-12-20 15:53:34.039root 11241100x8000000000000000753286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094fdeb944b2f81b2021-12-20 15:53:34.039root 11241100x8000000000000000753287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc6598e027662c22021-12-20 15:53:34.039root 11241100x8000000000000000753288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cd645505b8b7d82021-12-20 15:53:34.040root 11241100x8000000000000000753289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c857c93afaa37422021-12-20 15:53:34.041root 11241100x8000000000000000753290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1468c30f50cd4b72021-12-20 15:53:34.041root 11241100x8000000000000000753291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7dfa06e91e4ef62021-12-20 15:53:34.041root 11241100x8000000000000000753292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eef0a05f81a9f62021-12-20 15:53:34.041root 11241100x8000000000000000753293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e65260c2aa4b5d2021-12-20 15:53:34.041root 11241100x8000000000000000753294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed712e0f8437f7dc2021-12-20 15:53:34.041root 11241100x8000000000000000753295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95678158bed0bb422021-12-20 15:53:34.041root 11241100x8000000000000000753296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d2bb9ab7818542021-12-20 15:53:34.041root 11241100x8000000000000000753297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eab68346ad3329a2021-12-20 15:53:34.041root 11241100x8000000000000000753298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3422e4d12a05fc2021-12-20 15:53:34.041root 11241100x8000000000000000753299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561087a86dd096982021-12-20 15:53:34.041root 11241100x8000000000000000753300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6737ead93157d3422021-12-20 15:53:34.041root 11241100x8000000000000000753301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ecf4d5d3f92b712021-12-20 15:53:34.041root 11241100x8000000000000000753302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47622899257aa1db2021-12-20 15:53:34.042root 11241100x8000000000000000753303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79d06a94a6b1d12021-12-20 15:53:34.042root 11241100x8000000000000000753304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931b2e08fd52aed32021-12-20 15:53:34.042root 11241100x8000000000000000753305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a9b96372fccda62021-12-20 15:53:34.042root 11241100x8000000000000000753306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea073c4284fc0ddb2021-12-20 15:53:34.042root 11241100x8000000000000000753307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21efcc1749f5d82021-12-20 15:53:34.042root 11241100x8000000000000000753308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8e32932a8cbbb62021-12-20 15:53:34.042root 11241100x8000000000000000753309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980ff48c4b76262c2021-12-20 15:53:34.042root 11241100x8000000000000000753310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08bc8e57563ab692021-12-20 15:53:34.042root 11241100x8000000000000000753311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080c24620aba1c372021-12-20 15:53:34.042root 11241100x8000000000000000753312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0c97ad9c35dab2021-12-20 15:53:34.042root 11241100x8000000000000000753313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbea50e7a2fb8362021-12-20 15:53:34.042root 11241100x8000000000000000753314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82291fd7341cb22021-12-20 15:53:34.043root 11241100x8000000000000000753315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5eed1421a5c0ab2021-12-20 15:53:34.043root 11241100x8000000000000000753316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f661b58c32c1bd32021-12-20 15:53:34.043root 11241100x8000000000000000753317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e3716065dbc1b62021-12-20 15:53:34.043root 11241100x8000000000000000753318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818a47da5149977c2021-12-20 15:53:34.043root 11241100x8000000000000000753319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d22e91d26405402021-12-20 15:53:34.043root 11241100x8000000000000000753320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685d3730633bf4b42021-12-20 15:53:34.043root 11241100x8000000000000000753321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d5e9d38945d8922021-12-20 15:53:34.043root 11241100x8000000000000000753322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24a2453bb7c3d082021-12-20 15:53:34.043root 11241100x8000000000000000753323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab95bd4a4c0779f32021-12-20 15:53:34.043root 11241100x8000000000000000753324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9b723b46e19102021-12-20 15:53:34.043root 11241100x8000000000000000753325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa31792b4d9d1292021-12-20 15:53:34.043root 11241100x8000000000000000753326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c860a5135d40cf722021-12-20 15:53:34.043root 11241100x8000000000000000753327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482442966fd772312021-12-20 15:53:34.043root 11241100x8000000000000000753328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927ce917c0a79f82021-12-20 15:53:34.044root 11241100x8000000000000000753329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc6f0d24d733b742021-12-20 15:53:34.044root 11241100x8000000000000000753330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f25af64d0453f2021-12-20 15:53:34.044root 11241100x8000000000000000753331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5493eb93f693112021-12-20 15:53:34.044root 11241100x8000000000000000753332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1589abc531a0e7a2021-12-20 15:53:34.044root 11241100x8000000000000000753333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c622e944364435492021-12-20 15:53:34.044root 11241100x8000000000000000753334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2239f03fb2600ae2021-12-20 15:53:34.044root 11241100x8000000000000000753335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2e00d51a74f85d2021-12-20 15:53:34.044root 11241100x8000000000000000753336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f15afe26eeff8f2021-12-20 15:53:34.044root 11241100x8000000000000000753337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43f3a892430f4c72021-12-20 15:53:34.044root 11241100x8000000000000000753338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66953ee678e8f702021-12-20 15:53:34.424root 11241100x8000000000000000753339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffda87dc5d2dfa42021-12-20 15:53:34.424root 11241100x8000000000000000753340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c447f17d58e0eb2021-12-20 15:53:34.425root 11241100x8000000000000000753341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bbd8e509bb32002021-12-20 15:53:34.425root 11241100x8000000000000000753342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831e6a2ff082ce0e2021-12-20 15:53:34.425root 11241100x8000000000000000753343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60322f22d6b2e5812021-12-20 15:53:34.425root 11241100x8000000000000000753344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5111ee3fed39fce82021-12-20 15:53:34.425root 11241100x8000000000000000753345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ca1b8b5eb3b2372021-12-20 15:53:34.425root 11241100x8000000000000000753346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cdca8623fa1c1e2021-12-20 15:53:34.425root 11241100x8000000000000000753347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cce22d04d4aa9d42021-12-20 15:53:34.425root 11241100x8000000000000000753348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12477d4f5717e782021-12-20 15:53:34.425root 11241100x8000000000000000753349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ca0db47e52acc72021-12-20 15:53:34.425root 11241100x8000000000000000753350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec157c1adb9d6b9a2021-12-20 15:53:34.426root 11241100x8000000000000000753351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b845171f6cafe2021-12-20 15:53:34.426root 11241100x8000000000000000753352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58045fe538a432802021-12-20 15:53:34.426root 11241100x8000000000000000753353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430eb1c907d54b0b2021-12-20 15:53:34.426root 11241100x8000000000000000753354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37351e48a92df7af2021-12-20 15:53:34.426root 11241100x8000000000000000753355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90007e54bb694c32021-12-20 15:53:34.426root 11241100x8000000000000000753356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b17713b5759662021-12-20 15:53:34.426root 11241100x8000000000000000753357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7743ca039f481772021-12-20 15:53:34.426root 11241100x8000000000000000753358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11b72ef10a1d08f2021-12-20 15:53:34.427root 11241100x8000000000000000753359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d331ca925a19c5ba2021-12-20 15:53:34.427root 11241100x8000000000000000753360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34429d4a9395c0d2021-12-20 15:53:34.427root 11241100x8000000000000000753361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9e0e560abe5042021-12-20 15:53:34.427root 11241100x8000000000000000753362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b094c61bd91840ec2021-12-20 15:53:34.427root 11241100x8000000000000000753363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e5cae8b219c0c2021-12-20 15:53:34.427root 11241100x8000000000000000753364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20478a7b9c2ee53b2021-12-20 15:53:34.427root 11241100x8000000000000000753365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c893b835fe345ad2021-12-20 15:53:34.427root 11241100x8000000000000000753366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f09e21d973bdc12021-12-20 15:53:34.428root 11241100x8000000000000000753367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15bb05a7f4439592021-12-20 15:53:34.428root 11241100x8000000000000000753368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122cd8215c5ca862021-12-20 15:53:34.428root 11241100x8000000000000000753369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2b3daf957dbcf2021-12-20 15:53:34.428root 11241100x8000000000000000753370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be480038d248436c2021-12-20 15:53:34.428root 11241100x8000000000000000753371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19cfe4588924fe62021-12-20 15:53:34.428root 11241100x8000000000000000753372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389b8537a71bf0cd2021-12-20 15:53:34.428root 11241100x8000000000000000753373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9343557fa81cb912021-12-20 15:53:34.428root 11241100x8000000000000000753374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3875efe897f7c532021-12-20 15:53:34.428root 11241100x8000000000000000753375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b523fed8749212021-12-20 15:53:34.428root 11241100x8000000000000000753376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3891b26e8af2f52021-12-20 15:53:34.428root 11241100x8000000000000000753377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ffd7f3da40d1322021-12-20 15:53:34.428root 11241100x8000000000000000753378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936deb3f489aebd2021-12-20 15:53:34.428root 11241100x8000000000000000753379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7de29cefdc36452021-12-20 15:53:34.428root 11241100x8000000000000000753380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb5711003b588d2021-12-20 15:53:34.428root 11241100x8000000000000000753381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5913a6e44df491b2021-12-20 15:53:34.429root 11241100x8000000000000000753382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6ca01e00f86c542021-12-20 15:53:34.429root 11241100x8000000000000000753383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf466011cd69bb432021-12-20 15:53:34.429root 11241100x8000000000000000753384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055a140bc0e84d0b2021-12-20 15:53:34.429root 11241100x8000000000000000753385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae2a33220e6b4b2021-12-20 15:53:34.429root 11241100x8000000000000000753386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d5c99da16916502021-12-20 15:53:34.429root 11241100x8000000000000000753387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7d78a8b57df0ec2021-12-20 15:53:34.429root 11241100x8000000000000000753388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a598484caf1f0132021-12-20 15:53:34.429root 11241100x8000000000000000753389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88229b5141e1d9302021-12-20 15:53:34.429root 11241100x8000000000000000753390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a32049d449ca102021-12-20 15:53:34.430root 11241100x8000000000000000753391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e01cae0f78a7c262021-12-20 15:53:34.430root 11241100x8000000000000000753392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267f38c40e203b6b2021-12-20 15:53:34.430root 11241100x8000000000000000753393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14790748255b63132021-12-20 15:53:34.924root 11241100x8000000000000000753394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c759608041ee34d2021-12-20 15:53:34.924root 11241100x8000000000000000753395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdfa16e63015b642021-12-20 15:53:34.924root 11241100x8000000000000000753396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3537f64ac73e092021-12-20 15:53:34.924root 11241100x8000000000000000753397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f360349da18a12021-12-20 15:53:34.925root 11241100x8000000000000000753398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da884b4e3d4d8a72021-12-20 15:53:34.925root 11241100x8000000000000000753399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0eddc7b4f0e202021-12-20 15:53:34.925root 11241100x8000000000000000753400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444c35a8e67aa23e2021-12-20 15:53:34.925root 11241100x8000000000000000753401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659cdb8dbc23cd562021-12-20 15:53:34.925root 11241100x8000000000000000753402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb25ebbfab7d9cf2021-12-20 15:53:34.925root 11241100x8000000000000000753403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b166c054414730a82021-12-20 15:53:34.925root 11241100x8000000000000000753404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ac32744ce98c82021-12-20 15:53:34.926root 11241100x8000000000000000753405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09929c3a78747af2021-12-20 15:53:34.926root 11241100x8000000000000000753406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf644e8e4c0772d2021-12-20 15:53:34.926root 11241100x8000000000000000753407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31047caebb83a9b2021-12-20 15:53:34.926root 11241100x8000000000000000753408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29142b85bb327e7e2021-12-20 15:53:34.926root 11241100x8000000000000000753409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d892d4eaa616a4d42021-12-20 15:53:34.926root 11241100x8000000000000000753410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62e5214c619e2082021-12-20 15:53:34.926root 11241100x8000000000000000753411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8d5caa2c8227532021-12-20 15:53:34.926root 11241100x8000000000000000753412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe81eea892cd7bc2021-12-20 15:53:34.926root 11241100x8000000000000000753413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a3a537735283172021-12-20 15:53:34.927root 11241100x8000000000000000753414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3576ff4745514702021-12-20 15:53:34.927root 11241100x8000000000000000753415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828a69b7a089c4d2021-12-20 15:53:34.927root 11241100x8000000000000000753416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2582b2bcee7db62021-12-20 15:53:34.927root 11241100x8000000000000000753417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6861a831c53829552021-12-20 15:53:34.927root 11241100x8000000000000000753418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cd13a9b97751f42021-12-20 15:53:34.927root 11241100x8000000000000000753419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0346ce7521af3a2021-12-20 15:53:34.927root 11241100x8000000000000000753420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298344153a662e32021-12-20 15:53:34.927root 11241100x8000000000000000753421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b702c42d34377422021-12-20 15:53:34.927root 11241100x8000000000000000753422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4464ad79674f81a42021-12-20 15:53:34.927root 11241100x8000000000000000753423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff55a2e19b81c62021-12-20 15:53:34.927root 11241100x8000000000000000753424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ba3fd6009414ef2021-12-20 15:53:34.927root 11241100x8000000000000000753425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6240914ab34683812021-12-20 15:53:34.927root 11241100x8000000000000000753426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92b03174efa8a332021-12-20 15:53:34.927root 11241100x8000000000000000753427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab5638912501cca2021-12-20 15:53:34.927root 11241100x8000000000000000753428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504810661875e04b2021-12-20 15:53:34.927root 11241100x8000000000000000753429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b6f6429193e6112021-12-20 15:53:34.928root 11241100x8000000000000000753430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d77b01e648f832021-12-20 15:53:34.928root 11241100x8000000000000000753431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8fd2a84e2fc802021-12-20 15:53:34.928root 11241100x8000000000000000753432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22da681cc75575482021-12-20 15:53:34.928root 11241100x8000000000000000753433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4b966ecfa0fab2021-12-20 15:53:34.928root 11241100x8000000000000000753434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e4b0e41a41982b2021-12-20 15:53:34.928root 11241100x8000000000000000753435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1869fcfd31b9a5372021-12-20 15:53:34.928root 11241100x8000000000000000753436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde31c14af55cd052021-12-20 15:53:34.928root 11241100x8000000000000000753437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3171ad8f0dc64a02021-12-20 15:53:34.928root 11241100x8000000000000000753438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b4b181d93b1f72021-12-20 15:53:34.928root 11241100x8000000000000000753439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081fb8f1917364dd2021-12-20 15:53:34.928root 11241100x8000000000000000753440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351a34b975d082cf2021-12-20 15:53:34.928root 11241100x8000000000000000753441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7346be639e316e52021-12-20 15:53:34.928root 11241100x8000000000000000753442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a486bcaab534cc2021-12-20 15:53:34.928root 11241100x8000000000000000753443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd0b890cfdce2b92021-12-20 15:53:34.928root 11241100x8000000000000000753444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6631fea353a2ab2021-12-20 15:53:34.928root 11241100x8000000000000000753445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed58c8bb97d01312021-12-20 15:53:34.929root 11241100x8000000000000000753446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc1a90fd3d0bf42021-12-20 15:53:34.930root 11241100x8000000000000000753447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718290259632b3f72021-12-20 15:53:34.930root 11241100x8000000000000000753448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddbed109fdd96fc2021-12-20 15:53:34.930root 11241100x8000000000000000753449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1bb81f0739b5b42021-12-20 15:53:35.424root 11241100x8000000000000000753450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da16424411990d22021-12-20 15:53:35.424root 11241100x8000000000000000753451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0319d600718d052021-12-20 15:53:35.424root 11241100x8000000000000000753452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bde9ec2d66acdc32021-12-20 15:53:35.425root 11241100x8000000000000000753453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02519ee7f7657d542021-12-20 15:53:35.425root 11241100x8000000000000000753454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef0a58f8e378b582021-12-20 15:53:35.425root 11241100x8000000000000000753455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8522c5690fda4a22021-12-20 15:53:35.425root 11241100x8000000000000000753456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a950bb59e735ff2021-12-20 15:53:35.425root 11241100x8000000000000000753457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248c01228092d30b2021-12-20 15:53:35.425root 11241100x8000000000000000753458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1cc3d64a4c13d42021-12-20 15:53:35.426root 11241100x8000000000000000753459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561642f0b2bf5d1a2021-12-20 15:53:35.426root 11241100x8000000000000000753460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fbd074c5cc14c42021-12-20 15:53:35.426root 11241100x8000000000000000753461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511624de3cedc912021-12-20 15:53:35.426root 11241100x8000000000000000753462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b947177cc9d21f2021-12-20 15:53:35.427root 11241100x8000000000000000753463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9e85a2ee1bb7252021-12-20 15:53:35.427root 11241100x8000000000000000753464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ba19d5534ba862021-12-20 15:53:35.427root 11241100x8000000000000000753465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14510bbfe1240b02021-12-20 15:53:35.427root 11241100x8000000000000000753466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a95968dd79e14b2021-12-20 15:53:35.428root 11241100x8000000000000000753467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7867587f6a822c0a2021-12-20 15:53:35.428root 11241100x8000000000000000753468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81189078136629c2021-12-20 15:53:35.428root 11241100x8000000000000000753469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828fef5d71ecbb562021-12-20 15:53:35.428root 11241100x8000000000000000753470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574482c5d1a649fb2021-12-20 15:53:35.429root 11241100x8000000000000000753471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd693cdd015fb692021-12-20 15:53:35.429root 11241100x8000000000000000753472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be262c530484fed12021-12-20 15:53:35.429root 11241100x8000000000000000753473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d8db06ea1d5b62021-12-20 15:53:35.429root 11241100x8000000000000000753474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac93b7f52417c372021-12-20 15:53:35.430root 11241100x8000000000000000753475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f528a522230e35412021-12-20 15:53:35.430root 11241100x8000000000000000753476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5085df54cfd48c5c2021-12-20 15:53:35.430root 11241100x8000000000000000753477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8df0a555b27d62021-12-20 15:53:35.430root 11241100x8000000000000000753478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04e26bdd6e9e7742021-12-20 15:53:35.430root 11241100x8000000000000000753479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28acc4ba3b781eb2021-12-20 15:53:35.431root 11241100x8000000000000000753480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe160eb242cc6d02021-12-20 15:53:35.431root 11241100x8000000000000000753481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f289011913cf5ebb2021-12-20 15:53:35.431root 11241100x8000000000000000753482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0fb98369111a0c2021-12-20 15:53:35.431root 11241100x8000000000000000753483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6845c4daaa7c4a912021-12-20 15:53:35.431root 11241100x8000000000000000753484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744d84200219d19c2021-12-20 15:53:35.432root 11241100x8000000000000000753485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade6ae53363dd142021-12-20 15:53:35.432root 11241100x8000000000000000753486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eea8eca2ba21d12021-12-20 15:53:35.432root 11241100x8000000000000000753487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914a9fd5afd5fd6a2021-12-20 15:53:35.433root 11241100x8000000000000000753488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f604cd1c6f749a2021-12-20 15:53:35.433root 11241100x8000000000000000753489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc280105beb7b0172021-12-20 15:53:35.433root 11241100x8000000000000000753490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7fa81e32ce3832021-12-20 15:53:35.433root 11241100x8000000000000000753491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2254837693789e2021-12-20 15:53:35.433root 11241100x8000000000000000753492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5377a19073c61f2021-12-20 15:53:35.433root 11241100x8000000000000000753493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b6f9b61a568472021-12-20 15:53:35.433root 11241100x8000000000000000753494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd9c2dc72e0743a2021-12-20 15:53:35.434root 11241100x8000000000000000753495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8a70409e41d68e2021-12-20 15:53:35.434root 11241100x8000000000000000753496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1f84e415e5768d2021-12-20 15:53:35.434root 11241100x8000000000000000753497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d40b5dde33531102021-12-20 15:53:35.434root 11241100x8000000000000000753498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5445f2d8fceb13da2021-12-20 15:53:35.435root 11241100x8000000000000000753499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29de5019e7344e132021-12-20 15:53:35.435root 11241100x8000000000000000753500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5fd29536cedad52021-12-20 15:53:35.435root 11241100x8000000000000000753501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafbb46b018965e62021-12-20 15:53:35.435root 11241100x8000000000000000753502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817415beaf3b6d92021-12-20 15:53:35.435root 11241100x8000000000000000753503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254896b853e3f692021-12-20 15:53:35.924root 11241100x8000000000000000753504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49395f91d42c643d2021-12-20 15:53:35.924root 11241100x8000000000000000753505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5e00f2441343c62021-12-20 15:53:35.925root 11241100x8000000000000000753506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589b43225869b93b2021-12-20 15:53:35.925root 11241100x8000000000000000753507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e2933366ea47c52021-12-20 15:53:35.925root 11241100x8000000000000000753508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868ea830e98e0692021-12-20 15:53:35.925root 11241100x8000000000000000753509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c19f317235c672021-12-20 15:53:35.926root 11241100x8000000000000000753510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2905063720051c8e2021-12-20 15:53:35.926root 11241100x8000000000000000753511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77b5c701905588f2021-12-20 15:53:35.926root 11241100x8000000000000000753512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121805b4584da672021-12-20 15:53:35.926root 11241100x8000000000000000753513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43291274e5896db82021-12-20 15:53:35.926root 11241100x8000000000000000753514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef12fafa24b6dc2021-12-20 15:53:35.927root 11241100x8000000000000000753515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6b55c8a9f5557a2021-12-20 15:53:35.927root 11241100x8000000000000000753516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb2e652dc6c8252021-12-20 15:53:35.927root 11241100x8000000000000000753517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45095dd533eac7b62021-12-20 15:53:35.927root 11241100x8000000000000000753518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c10dbeed3c52782021-12-20 15:53:35.927root 11241100x8000000000000000753519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1352aaf382d65c2021-12-20 15:53:35.927root 11241100x8000000000000000753520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246dbc34228d435b2021-12-20 15:53:35.927root 11241100x8000000000000000753521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9214a332d9eb3fc92021-12-20 15:53:35.927root 11241100x8000000000000000753522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80451aa116a309a2021-12-20 15:53:35.928root 11241100x8000000000000000753523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1cf38d0b2a33382021-12-20 15:53:35.928root 11241100x8000000000000000753524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7af5bfc9c6f4efa2021-12-20 15:53:35.928root 11241100x8000000000000000753525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1b229a930983892021-12-20 15:53:35.928root 11241100x8000000000000000753526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae1eaa303f31462021-12-20 15:53:35.928root 11241100x8000000000000000753527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81379c61d6da2d842021-12-20 15:53:35.928root 11241100x8000000000000000753528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e007ea361bd3bb42021-12-20 15:53:35.928root 11241100x8000000000000000753529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422dafc80dfdba6e2021-12-20 15:53:35.928root 11241100x8000000000000000753530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0006fca7a231bc172021-12-20 15:53:35.928root 11241100x8000000000000000753531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe20f888a044f32021-12-20 15:53:35.928root 11241100x8000000000000000753532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d6b9d7250504d52021-12-20 15:53:35.928root 11241100x8000000000000000753533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01af95e987fc1242021-12-20 15:53:35.929root 11241100x8000000000000000753534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5914e9b8be0a92021-12-20 15:53:35.929root 11241100x8000000000000000753535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa2a2e39fee41ae2021-12-20 15:53:35.929root 11241100x8000000000000000753536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32ab5c0bbecf5f32021-12-20 15:53:35.929root 11241100x8000000000000000753537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641f574c1af79b12021-12-20 15:53:35.929root 11241100x8000000000000000753538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b89886305f37b782021-12-20 15:53:35.929root 11241100x8000000000000000753539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d263b5bba5d31a2021-12-20 15:53:35.930root 11241100x8000000000000000753540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639ba608b131f642021-12-20 15:53:35.930root 11241100x8000000000000000753541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520402ad30b527e02021-12-20 15:53:35.930root 11241100x8000000000000000753542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390e450bff643ff2021-12-20 15:53:35.930root 11241100x8000000000000000753543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dcc08c59bab6542021-12-20 15:53:35.930root 11241100x8000000000000000753544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462ad26b49f5dcf52021-12-20 15:53:35.930root 11241100x8000000000000000753545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bca38a0658bedb2021-12-20 15:53:35.930root 11241100x8000000000000000753546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b36c624489c73152021-12-20 15:53:35.930root 11241100x8000000000000000753547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04371681f128acd2021-12-20 15:53:35.931root 11241100x8000000000000000753548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d75196264194d2021-12-20 15:53:35.931root 11241100x8000000000000000753549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa70d6f51b50ac42021-12-20 15:53:35.931root 11241100x8000000000000000753550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a99a05577babf2021-12-20 15:53:35.931root 11241100x8000000000000000753551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:53:36.070root 11241100x8000000000000000753552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc3661e48310982021-12-20 15:53:36.424root 11241100x8000000000000000753553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58867c7247f832612021-12-20 15:53:36.424root 11241100x8000000000000000753554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4289f6a450b5182b2021-12-20 15:53:36.424root 11241100x8000000000000000753555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bc9068ff1fa0ba2021-12-20 15:53:36.424root 11241100x8000000000000000753556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da38c198c96848f2021-12-20 15:53:36.425root 11241100x8000000000000000753557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22ece2553c46d8f2021-12-20 15:53:36.425root 11241100x8000000000000000753558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec155dd05d2892372021-12-20 15:53:36.425root 11241100x8000000000000000753559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43fbfc62cec8c52021-12-20 15:53:36.425root 11241100x8000000000000000753560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc535a290f65199e2021-12-20 15:53:36.425root 11241100x8000000000000000753561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02acc37a265a592021-12-20 15:53:36.425root 11241100x8000000000000000753562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af17a7b953f9cd42021-12-20 15:53:36.425root 11241100x8000000000000000753563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79633379d8b679c42021-12-20 15:53:36.425root 11241100x8000000000000000753564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fa1b2200c0f3cc2021-12-20 15:53:36.425root 11241100x8000000000000000753565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f4ee42f03e3022021-12-20 15:53:36.425root 11241100x8000000000000000753566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0961db4f164972021-12-20 15:53:36.425root 11241100x8000000000000000753567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ab9323ab4568f2021-12-20 15:53:36.425root 11241100x8000000000000000753568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ee5e54634da6002021-12-20 15:53:36.426root 11241100x8000000000000000753569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d431e22b082b8e12021-12-20 15:53:36.426root 11241100x8000000000000000753570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9b41bcba5e06d92021-12-20 15:53:36.426root 11241100x8000000000000000753571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fa49ffe3b3428d2021-12-20 15:53:36.426root 11241100x8000000000000000753572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56f0b02363c8abb2021-12-20 15:53:36.426root 11241100x8000000000000000753573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74c611197e905b2021-12-20 15:53:36.426root 11241100x8000000000000000753574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49c6b2ecda685a82021-12-20 15:53:36.426root 11241100x8000000000000000753575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf25614c87ed55022021-12-20 15:53:36.426root 11241100x8000000000000000753576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c99cf060006e7e2021-12-20 15:53:36.426root 11241100x8000000000000000753577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ebc32b3e8da482021-12-20 15:53:36.426root 11241100x8000000000000000753578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38400048e3d9160a2021-12-20 15:53:36.426root 11241100x8000000000000000753579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd0ba521b34efa92021-12-20 15:53:36.426root 11241100x8000000000000000753580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed04fa89d8071812021-12-20 15:53:36.426root 11241100x8000000000000000753581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b55cc8074ec37e2021-12-20 15:53:36.426root 11241100x8000000000000000753582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68faf4e7fdba1ea62021-12-20 15:53:36.426root 11241100x8000000000000000753583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118d5756652b096f2021-12-20 15:53:36.426root 11241100x8000000000000000753584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba980525ae0a0562021-12-20 15:53:36.427root 11241100x8000000000000000753585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ec67d8a8c85af72021-12-20 15:53:36.427root 11241100x8000000000000000753586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0a93a723131e82021-12-20 15:53:36.427root 11241100x8000000000000000753587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7190bb7a7ca0fe72021-12-20 15:53:36.427root 11241100x8000000000000000753588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbb67e1b01397642021-12-20 15:53:36.427root 11241100x8000000000000000753589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c1785bda264d6a2021-12-20 15:53:36.427root 11241100x8000000000000000753590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8d6262d2662682021-12-20 15:53:36.427root 11241100x8000000000000000753591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994fee01a9238a422021-12-20 15:53:36.427root 11241100x8000000000000000753592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ecaa10be967a582021-12-20 15:53:36.427root 11241100x8000000000000000753593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47e02b69860e942021-12-20 15:53:36.427root 11241100x8000000000000000753594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c0d7248f7dec62021-12-20 15:53:36.427root 11241100x8000000000000000753595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8f8756a74e97252021-12-20 15:53:36.427root 11241100x8000000000000000753596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f9ed19e0a87e512021-12-20 15:53:36.427root 11241100x8000000000000000753597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7769b770eb8730b22021-12-20 15:53:36.427root 11241100x8000000000000000753598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3044c267c8d959d32021-12-20 15:53:36.427root 11241100x8000000000000000753599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b945033889a8282021-12-20 15:53:36.427root 11241100x8000000000000000753600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0d6fb7cf31c4c2021-12-20 15:53:36.428root 11241100x8000000000000000753601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb411a6e951a13ff2021-12-20 15:53:36.428root 11241100x8000000000000000753602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1b4e131494525f2021-12-20 15:53:36.429root 11241100x8000000000000000753603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94afd186e8cf21472021-12-20 15:53:36.429root 11241100x8000000000000000753604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f8340a8ef9bc942021-12-20 15:53:36.429root 11241100x8000000000000000753605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b5f0dda16a15e2021-12-20 15:53:36.429root 11241100x8000000000000000753606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618cac55f2b74872021-12-20 15:53:36.429root 11241100x8000000000000000753607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c801b2b16ec63ab2021-12-20 15:53:36.429root 11241100x8000000000000000753608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63628ff1c38d054b2021-12-20 15:53:36.429root 11241100x8000000000000000753609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b425c901da2a02021-12-20 15:53:36.429root 11241100x8000000000000000753610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c52a02e3a9183b2021-12-20 15:53:36.429root 11241100x8000000000000000753611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076958ef4092dca52021-12-20 15:53:36.429root 11241100x8000000000000000753612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b51ad16d5738732021-12-20 15:53:36.429root 11241100x8000000000000000753613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a9b480446912af2021-12-20 15:53:36.924root 11241100x8000000000000000753614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285eda471d23a39d2021-12-20 15:53:36.924root 11241100x8000000000000000753615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b3e867826d54c2021-12-20 15:53:36.924root 11241100x8000000000000000753616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e21f489a76db6b2021-12-20 15:53:36.924root 11241100x8000000000000000753617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226765804ccf372b2021-12-20 15:53:36.925root 11241100x8000000000000000753618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff604d59ca8a032021-12-20 15:53:36.925root 11241100x8000000000000000753619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db8ee93829935f2021-12-20 15:53:36.925root 11241100x8000000000000000753620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5572f8c51f5352021-12-20 15:53:36.925root 11241100x8000000000000000753621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deae95d5c5d2fafd2021-12-20 15:53:36.925root 11241100x8000000000000000753622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ef9c51eb710dd2021-12-20 15:53:36.926root 11241100x8000000000000000753623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028a81fb520bbe9a2021-12-20 15:53:36.926root 11241100x8000000000000000753624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8c4cbccae9c942021-12-20 15:53:36.926root 11241100x8000000000000000753625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e3a951bf19ee6b2021-12-20 15:53:36.926root 11241100x8000000000000000753626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd563eef640a672021-12-20 15:53:36.926root 11241100x8000000000000000753627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2568771f3aadee152021-12-20 15:53:36.926root 11241100x8000000000000000753628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91296f615c1cd2a62021-12-20 15:53:36.926root 11241100x8000000000000000753629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818f90f92ff32d4a2021-12-20 15:53:36.927root 11241100x8000000000000000753630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9780b6a4669e502021-12-20 15:53:36.927root 11241100x8000000000000000753631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5293ec043754cc2d2021-12-20 15:53:36.927root 11241100x8000000000000000753632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be632dea535ca802021-12-20 15:53:36.928root 11241100x8000000000000000753633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23cb5bbf25fcb8c2021-12-20 15:53:36.928root 11241100x8000000000000000753634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e116eed3ef947f4a2021-12-20 15:53:36.928root 11241100x8000000000000000753635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a934f6c64dc1f2021-12-20 15:53:36.928root 11241100x8000000000000000753636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbce092ae54b88b2021-12-20 15:53:36.928root 11241100x8000000000000000753637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e2a672c052d0ff2021-12-20 15:53:36.928root 11241100x8000000000000000753638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e201fe19fa05fba22021-12-20 15:53:36.928root 11241100x8000000000000000753639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e96d5b07716d562021-12-20 15:53:36.928root 11241100x8000000000000000753640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d474040747b4402021-12-20 15:53:36.930root 11241100x8000000000000000753641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1785cca17e4dceb72021-12-20 15:53:36.930root 11241100x8000000000000000753642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961134614f01164f2021-12-20 15:53:36.930root 11241100x8000000000000000753643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea5e59d214db292021-12-20 15:53:36.930root 11241100x8000000000000000753644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5a454283339482021-12-20 15:53:36.930root 11241100x8000000000000000753645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a148cbb5a1bee52021-12-20 15:53:36.930root 11241100x8000000000000000753646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4304a27abc17370e2021-12-20 15:53:36.930root 11241100x8000000000000000753647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da1fe1cf83e8e8a2021-12-20 15:53:36.930root 11241100x8000000000000000753648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dbcb3a2542cbad2021-12-20 15:53:36.930root 11241100x8000000000000000753649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bebc371f3605972021-12-20 15:53:36.931root 11241100x8000000000000000753650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5965e21a623dc2e2021-12-20 15:53:36.931root 11241100x8000000000000000753651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc421e254d14e72021-12-20 15:53:36.931root 11241100x8000000000000000753652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb805df60c728e2021-12-20 15:53:36.931root 11241100x8000000000000000753653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c182b4e3ea08e952021-12-20 15:53:36.931root 11241100x8000000000000000753654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935177dc16478b4e2021-12-20 15:53:36.931root 11241100x8000000000000000753655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a91895781765172021-12-20 15:53:36.931root 11241100x8000000000000000753656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bd9aaeafecb812021-12-20 15:53:36.932root 11241100x8000000000000000753657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61257541b2b3158b2021-12-20 15:53:36.932root 11241100x8000000000000000753658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b93161beda35a0a2021-12-20 15:53:36.932root 11241100x8000000000000000753659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3705cf707860d792021-12-20 15:53:36.932root 11241100x8000000000000000753660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a1472b4f9f94c2021-12-20 15:53:36.932root 11241100x8000000000000000753661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed78f2f57653d1702021-12-20 15:53:36.933root 11241100x8000000000000000753662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e22c01a9b2afe292021-12-20 15:53:36.933root 11241100x8000000000000000753663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d063b1150ee4482021-12-20 15:53:36.933root 11241100x8000000000000000753664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477abdb0cfe793312021-12-20 15:53:36.934root 11241100x8000000000000000753665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2085baa90ebd6e2021-12-20 15:53:36.934root 11241100x8000000000000000753666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6415b56c4013942021-12-20 15:53:36.934root 11241100x8000000000000000753667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcfb3442a62cd22021-12-20 15:53:36.934root 11241100x8000000000000000753668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44d465aba0f3932021-12-20 15:53:36.934root 11241100x8000000000000000753669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c895c35542e8e52021-12-20 15:53:36.934root 11241100x8000000000000000753670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430716d35aa8b1482021-12-20 15:53:36.934root 11241100x8000000000000000753671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4901d5ba7591e1ee2021-12-20 15:53:36.934root 11241100x8000000000000000753672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab9663b525428952021-12-20 15:53:36.934root 11241100x8000000000000000753673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfe5ae680b07c102021-12-20 15:53:36.934root 11241100x8000000000000000753674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9bf195e0ae64eb2021-12-20 15:53:36.935root 11241100x8000000000000000753675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caa7821ca8c0e9d2021-12-20 15:53:36.935root 11241100x8000000000000000753676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db04c82ba14aae392021-12-20 15:53:36.935root 11241100x8000000000000000753677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24746a40c3825dee2021-12-20 15:53:36.935root 11241100x8000000000000000753678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec05a593bb03172021-12-20 15:53:36.935root 11241100x8000000000000000753679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955bf5829e86addb2021-12-20 15:53:36.935root 11241100x8000000000000000753680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e58e5872a01a7b2021-12-20 15:53:36.935root 11241100x8000000000000000753681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f964ec1f99ff7342021-12-20 15:53:36.935root 11241100x8000000000000000753682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4c53304f205572021-12-20 15:53:36.935root 11241100x8000000000000000753683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335be1421594add82021-12-20 15:53:36.935root 11241100x8000000000000000753684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1076e2ea753b4892021-12-20 15:53:36.935root 11241100x8000000000000000753685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b8717320534512021-12-20 15:53:36.935root 11241100x8000000000000000753686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f735f058e3af8b532021-12-20 15:53:36.937root 11241100x8000000000000000753687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf40593f618c7242021-12-20 15:53:36.937root 11241100x8000000000000000753688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb2e924052f6222021-12-20 15:53:36.937root 11241100x8000000000000000753689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09676ab1cb796cbb2021-12-20 15:53:36.937root 11241100x8000000000000000753690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c84da09cecf328e2021-12-20 15:53:36.937root 11241100x8000000000000000753691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e884a28de37d1a82021-12-20 15:53:36.937root 11241100x8000000000000000753692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a66f41feb0debd2021-12-20 15:53:36.937root 11241100x8000000000000000753693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46ac0ced5ddcaa82021-12-20 15:53:36.937root 11241100x8000000000000000753694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f944656ae48f72021-12-20 15:53:36.937root 11241100x8000000000000000753695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26528e095149c67c2021-12-20 15:53:36.937root 11241100x8000000000000000753696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2d94da3542a4232021-12-20 15:53:36.937root 11241100x8000000000000000753697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec3512cbe0405992021-12-20 15:53:36.938root 11241100x8000000000000000753698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3761d5f5c1cb46382021-12-20 15:53:36.938root 11241100x8000000000000000753699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b3862af02b48ce2021-12-20 15:53:36.938root 11241100x8000000000000000753700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db250ef881610b2021-12-20 15:53:36.938root 11241100x8000000000000000753701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cddcf439145dded2021-12-20 15:53:36.938root 11241100x8000000000000000753702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de14f129c491432021-12-20 15:53:36.938root 11241100x8000000000000000753703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2944a5145751642021-12-20 15:53:36.938root 11241100x8000000000000000753704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c64141c79756492021-12-20 15:53:37.424root 11241100x8000000000000000753705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd72f47f22f1472021-12-20 15:53:37.425root 11241100x8000000000000000753706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc68831dae726f42021-12-20 15:53:37.426root 11241100x8000000000000000753707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84120e0910e5578c2021-12-20 15:53:37.426root 11241100x8000000000000000753708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96c453dd76268792021-12-20 15:53:37.426root 11241100x8000000000000000753709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699979b36f5a1f432021-12-20 15:53:37.426root 11241100x8000000000000000753710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f9df8e95cc6e0f2021-12-20 15:53:37.426root 11241100x8000000000000000753711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6029192295f592021-12-20 15:53:37.426root 11241100x8000000000000000753712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a42f7aa1b06c3e2021-12-20 15:53:37.426root 11241100x8000000000000000753713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5a8d54845461242021-12-20 15:53:37.426root 11241100x8000000000000000753714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ac139d2e4eeb742021-12-20 15:53:37.426root 11241100x8000000000000000753715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a61b84d7261cf32021-12-20 15:53:37.426root 11241100x8000000000000000753716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a8f174de43cf02021-12-20 15:53:37.426root 11241100x8000000000000000753717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521fb868a829cedf2021-12-20 15:53:37.426root 11241100x8000000000000000753718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052865371d4576ee2021-12-20 15:53:37.426root 11241100x8000000000000000753719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28b839780a242762021-12-20 15:53:37.426root 11241100x8000000000000000753720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f6217952ff655b2021-12-20 15:53:37.426root 11241100x8000000000000000753721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294282be4060404c2021-12-20 15:53:37.427root 11241100x8000000000000000753722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8145bd88a18e2c12021-12-20 15:53:37.427root 11241100x8000000000000000753723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1515c9d5ae0abfae2021-12-20 15:53:37.427root 11241100x8000000000000000753724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6174003e9eac48262021-12-20 15:53:37.427root 11241100x8000000000000000753725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a4f5021d0208d42021-12-20 15:53:37.427root 11241100x8000000000000000753726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e77debc861333e2021-12-20 15:53:37.427root 11241100x8000000000000000753727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1efcec6f73c9fc2021-12-20 15:53:37.427root 11241100x8000000000000000753728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0226da060aed262021-12-20 15:53:37.427root 11241100x8000000000000000753729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c687798e31fe8492021-12-20 15:53:37.427root 11241100x8000000000000000753730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a366ef79a65dc8c92021-12-20 15:53:37.427root 11241100x8000000000000000753731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965610e03395d5f2021-12-20 15:53:37.427root 11241100x8000000000000000753732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffbdffb39927c72021-12-20 15:53:37.427root 11241100x8000000000000000753733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f085e9f98917517e2021-12-20 15:53:37.427root 11241100x8000000000000000753734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e83b20d074a7e22021-12-20 15:53:37.428root 11241100x8000000000000000753735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643a2b39a8630202021-12-20 15:53:37.428root 11241100x8000000000000000753736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810f019009b1dd32021-12-20 15:53:37.428root 11241100x8000000000000000753737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032fd0fd88e3c4c32021-12-20 15:53:37.428root 11241100x8000000000000000753738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cab61e0c735ba02021-12-20 15:53:37.428root 11241100x8000000000000000753739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11418889a0f97f1c2021-12-20 15:53:37.428root 11241100x8000000000000000753740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3540bfca61c5e2b12021-12-20 15:53:37.428root 11241100x8000000000000000753741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd42ec71d48a70b32021-12-20 15:53:37.428root 11241100x8000000000000000753742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01972613e7ba06902021-12-20 15:53:37.428root 11241100x8000000000000000753743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8a604c5529f732021-12-20 15:53:37.428root 11241100x8000000000000000753744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ad7e7c19cedde82021-12-20 15:53:37.428root 11241100x8000000000000000753745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97adab057409bf8e2021-12-20 15:53:37.428root 11241100x8000000000000000753746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc18a355edc952a2021-12-20 15:53:37.429root 11241100x8000000000000000753747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff031cc36baa01a2021-12-20 15:53:37.429root 11241100x8000000000000000753748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8fd527c88d65582021-12-20 15:53:37.924root 11241100x8000000000000000753749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e41956a1798392021-12-20 15:53:37.924root 11241100x8000000000000000753750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc718653a389df52021-12-20 15:53:37.924root 11241100x8000000000000000753751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d41ab2cd45b432021-12-20 15:53:37.925root 11241100x8000000000000000753752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf701ffc34b25002021-12-20 15:53:37.925root 11241100x8000000000000000753753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e81d51a8e6f06c2021-12-20 15:53:37.925root 11241100x8000000000000000753754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55dceb409fec6382021-12-20 15:53:37.925root 11241100x8000000000000000753755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451eb1459b65e57f2021-12-20 15:53:37.925root 11241100x8000000000000000753756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07318eee8a48d8b2021-12-20 15:53:37.925root 11241100x8000000000000000753757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8903c3b6f060d7a2021-12-20 15:53:37.925root 11241100x8000000000000000753758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d5bf4182792ae42021-12-20 15:53:37.925root 11241100x8000000000000000753759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc06f1a59d1d8942021-12-20 15:53:37.925root 11241100x8000000000000000753760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d379601420fe3f42021-12-20 15:53:37.925root 11241100x8000000000000000753761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4423699be34839262021-12-20 15:53:37.925root 11241100x8000000000000000753762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cdecf55769ccdc2021-12-20 15:53:37.926root 11241100x8000000000000000753763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448da91f4dad8a832021-12-20 15:53:37.926root 11241100x8000000000000000753764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7c814c5fcfe012021-12-20 15:53:37.926root 11241100x8000000000000000753765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a95c05731b747e2021-12-20 15:53:37.926root 11241100x8000000000000000753766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab55e6a5aafca1a2021-12-20 15:53:37.926root 11241100x8000000000000000753767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5508e495653676f82021-12-20 15:53:37.926root 11241100x8000000000000000753768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4f043c90086a762021-12-20 15:53:37.926root 11241100x8000000000000000753769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe6ed069b64b042021-12-20 15:53:37.926root 11241100x8000000000000000753770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be8f62c6f21f9c02021-12-20 15:53:37.926root 11241100x8000000000000000753771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64872347de5acf62021-12-20 15:53:37.926root 11241100x8000000000000000753772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65671b80793b3aa2021-12-20 15:53:37.926root 11241100x8000000000000000753773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3be2cc5e3cb7f662021-12-20 15:53:37.927root 11241100x8000000000000000753774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9220171dd026772021-12-20 15:53:37.927root 11241100x8000000000000000753775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ef609f9fa8a4242021-12-20 15:53:37.927root 11241100x8000000000000000753776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9600c1257556a8b2021-12-20 15:53:37.927root 11241100x8000000000000000753777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ebbe6c2f83bb0f2021-12-20 15:53:37.928root 11241100x8000000000000000753778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cba8c1a4958178b2021-12-20 15:53:37.928root 11241100x8000000000000000753779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2abaeb767201652021-12-20 15:53:37.928root 11241100x8000000000000000753780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439be33a0dc4c7c2021-12-20 15:53:37.928root 11241100x8000000000000000753781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e3f586f257c722021-12-20 15:53:37.928root 11241100x8000000000000000753782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fa0793cbe67a272021-12-20 15:53:37.928root 11241100x8000000000000000753783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50005dc0a71363ca2021-12-20 15:53:37.928root 11241100x8000000000000000753784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d889c907b5b1e42021-12-20 15:53:37.928root 11241100x8000000000000000753785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922c759585202a52021-12-20 15:53:37.928root 11241100x8000000000000000753786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489de8c32edf6b12021-12-20 15:53:37.929root 11241100x8000000000000000753787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffb8df4831fdca52021-12-20 15:53:37.929root 11241100x8000000000000000753788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedcc645fa6b34902021-12-20 15:53:37.929root 11241100x8000000000000000753789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b49b271569bdfd32021-12-20 15:53:37.933root 11241100x8000000000000000753790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3272649eed4eb3062021-12-20 15:53:37.934root 11241100x8000000000000000753791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae9dc52ec9098b2021-12-20 15:53:37.934root 11241100x8000000000000000753792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1dfc62cf388a4a2021-12-20 15:53:37.934root 11241100x8000000000000000753793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6272b7859dedcc12021-12-20 15:53:37.934root 11241100x8000000000000000753794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987ae3ecf8b7ebd52021-12-20 15:53:37.934root 11241100x8000000000000000753795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92126329d4c1adf42021-12-20 15:53:37.934root 11241100x8000000000000000753796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93bbd6d0b4a07f42021-12-20 15:53:37.934root 11241100x8000000000000000753797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851f14f43a83b3752021-12-20 15:53:37.934root 11241100x8000000000000000753798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617d87efb48c89982021-12-20 15:53:37.936root 11241100x8000000000000000753799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf26379a17075012021-12-20 15:53:37.936root 11241100x8000000000000000753800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30bad40289b3ab12021-12-20 15:53:37.936root 11241100x8000000000000000753801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba03c4b1f8606e42021-12-20 15:53:37.937root 11241100x8000000000000000753802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de1ae23296f0412021-12-20 15:53:37.937root 11241100x8000000000000000753803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44374a4427b3be2021-12-20 15:53:37.937root 11241100x8000000000000000753804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26db3869522d6e2021-12-20 15:53:37.937root 11241100x8000000000000000753805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a9086d3718d43a2021-12-20 15:53:37.937root 11241100x8000000000000000753806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726e146ef928bbab2021-12-20 15:53:37.938root 11241100x8000000000000000753807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7912da673c717982021-12-20 15:53:37.938root 11241100x8000000000000000753808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7a28aa686deed52021-12-20 15:53:37.938root 11241100x8000000000000000753809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134ae0f880e44272021-12-20 15:53:37.938root 11241100x8000000000000000753810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eb754afbcce5112021-12-20 15:53:37.938root 11241100x8000000000000000753811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c039b2773aa64c2021-12-20 15:53:37.938root 11241100x8000000000000000753812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f74941192612f152021-12-20 15:53:37.940root 11241100x8000000000000000753813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d65136f8e4f2c222021-12-20 15:53:37.940root 11241100x8000000000000000753814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54abb98cea4ed38e2021-12-20 15:53:37.940root 11241100x8000000000000000753815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9396b05de55f7a92021-12-20 15:53:37.940root 11241100x8000000000000000753816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51135d3cb7d8d2c62021-12-20 15:53:37.941root 11241100x8000000000000000753817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5169f5dce97912021-12-20 15:53:37.942root 11241100x8000000000000000753818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b58ae768b373302021-12-20 15:53:37.942root 11241100x8000000000000000753819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13140b412faa4b2021-12-20 15:53:37.942root 11241100x8000000000000000753820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ad2b18fe79f0c2021-12-20 15:53:37.942root 11241100x8000000000000000753821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b7800394382a7d2021-12-20 15:53:37.942root 11241100x8000000000000000753822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e0a2acf4c73812021-12-20 15:53:37.942root 11241100x8000000000000000753823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ab8026cbe39bcb2021-12-20 15:53:37.943root 11241100x8000000000000000753824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c71ae9162f30212021-12-20 15:53:38.424root 11241100x8000000000000000753825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa22324cdcd7227f2021-12-20 15:53:38.425root 11241100x8000000000000000753826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1763eef828506f672021-12-20 15:53:38.425root 11241100x8000000000000000753827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2995fea2911f66d72021-12-20 15:53:38.425root 11241100x8000000000000000753828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c1d3939b4710562021-12-20 15:53:38.425root 11241100x8000000000000000753829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a81aa0639949d9b2021-12-20 15:53:38.425root 11241100x8000000000000000753830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b5d48939f93902021-12-20 15:53:38.426root 11241100x8000000000000000753831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25352b31617c26162021-12-20 15:53:38.426root 11241100x8000000000000000753832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e8ac8e1d9b1b772021-12-20 15:53:38.426root 11241100x8000000000000000753833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847497c7799be7ee2021-12-20 15:53:38.426root 11241100x8000000000000000753834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f2aa26b68d10692021-12-20 15:53:38.426root 11241100x8000000000000000753835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b0da9ad2cfb982021-12-20 15:53:38.426root 11241100x8000000000000000753836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e7e0f13711ca872021-12-20 15:53:38.427root 11241100x8000000000000000753837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7aebd4ed6d1432021-12-20 15:53:38.427root 11241100x8000000000000000753838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b749ddb4347582021-12-20 15:53:38.427root 11241100x8000000000000000753839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc40c6807ae816d2021-12-20 15:53:38.427root 11241100x8000000000000000753840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d173e2ab56336b2021-12-20 15:53:38.427root 11241100x8000000000000000753841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8e87902eb441202021-12-20 15:53:38.427root 11241100x8000000000000000753842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568b6be566021e52021-12-20 15:53:38.427root 11241100x8000000000000000753843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d8403e5e6167c92021-12-20 15:53:38.428root 11241100x8000000000000000753844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f00fc4d0a458c2021-12-20 15:53:38.428root 11241100x8000000000000000753845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e8e0cea82a4d852021-12-20 15:53:38.428root 11241100x8000000000000000753846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7276e499755021f92021-12-20 15:53:38.428root 11241100x8000000000000000753847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afb6de3047328ce2021-12-20 15:53:38.428root 11241100x8000000000000000753848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597be16d4301f2642021-12-20 15:53:38.429root 11241100x8000000000000000753849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686737c69858a80f2021-12-20 15:53:38.429root 11241100x8000000000000000753850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f880e28e477dba72021-12-20 15:53:38.429root 11241100x8000000000000000753851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9821bca9d4292b32021-12-20 15:53:38.429root 11241100x8000000000000000753852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd3da1a13815202021-12-20 15:53:38.429root 11241100x8000000000000000753853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e997db9871c36c582021-12-20 15:53:38.430root 11241100x8000000000000000753854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdab5b6f2ba1a422021-12-20 15:53:38.430root 11241100x8000000000000000753855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a52326f03d90eb2021-12-20 15:53:38.430root 11241100x8000000000000000753856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735188741e3fe652021-12-20 15:53:38.430root 11241100x8000000000000000753857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ced11904d1920f2021-12-20 15:53:38.430root 11241100x8000000000000000753858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3317ecac42314a72021-12-20 15:53:38.430root 11241100x8000000000000000753859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b5807f87333942021-12-20 15:53:38.430root 11241100x8000000000000000753860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fe5bba50c4a0142021-12-20 15:53:38.430root 11241100x8000000000000000753861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a905f92ed358182021-12-20 15:53:38.430root 11241100x8000000000000000753862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc61245da4c7e72021-12-20 15:53:38.430root 11241100x8000000000000000753863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03848b18f2f79b3b2021-12-20 15:53:38.430root 11241100x8000000000000000753864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db570448594e87032021-12-20 15:53:38.431root 11241100x8000000000000000753865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6ec6784dcf5b32021-12-20 15:53:38.431root 11241100x8000000000000000753866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eb2e1fdbd1071b2021-12-20 15:53:38.431root 11241100x8000000000000000753867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd743477d9454fd32021-12-20 15:53:38.431root 11241100x8000000000000000753868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e66236f8a688302021-12-20 15:53:38.431root 11241100x8000000000000000753869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d9b8026b28def2021-12-20 15:53:38.431root 11241100x8000000000000000753870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41fc8138bbabea22021-12-20 15:53:38.431root 11241100x8000000000000000753871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc24d7423720aa2021-12-20 15:53:38.431root 11241100x8000000000000000753872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898aaeaa99e36c92021-12-20 15:53:38.431root 11241100x8000000000000000753873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f977c339ec243c242021-12-20 15:53:38.431root 534500x8000000000000000753874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.536{00000000-0000-0000-0000-000000000000}10191<unknown process>root 11241100x8000000000000000753875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38782b60a2f2b2be2021-12-20 15:53:38.924root 11241100x8000000000000000753876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44659dfd564eacf52021-12-20 15:53:38.924root 11241100x8000000000000000753877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d65213044f4942021-12-20 15:53:38.924root 11241100x8000000000000000753878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95541872a70203ff2021-12-20 15:53:38.924root 11241100x8000000000000000753879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b3eadd61d1d052021-12-20 15:53:38.925root 11241100x8000000000000000753880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114f22960ee971ed2021-12-20 15:53:38.925root 11241100x8000000000000000753881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6521f43025f166992021-12-20 15:53:38.925root 11241100x8000000000000000753882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09977cf2992cff872021-12-20 15:53:38.925root 11241100x8000000000000000753883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819376097134a84e2021-12-20 15:53:38.925root 11241100x8000000000000000753884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367dcc4961b554992021-12-20 15:53:38.925root 11241100x8000000000000000753885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b09ed65766f4f2021-12-20 15:53:38.925root 11241100x8000000000000000753886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e48ee978d1a29e2021-12-20 15:53:38.925root 11241100x8000000000000000753887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4342ba7c7766b132021-12-20 15:53:38.925root 11241100x8000000000000000753888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09aa73edb39b7f12021-12-20 15:53:38.925root 11241100x8000000000000000753889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65a41d12e386332021-12-20 15:53:38.925root 11241100x8000000000000000753890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099156951ea9db72021-12-20 15:53:38.925root 11241100x8000000000000000753891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28c09498379eef2021-12-20 15:53:38.925root 11241100x8000000000000000753892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a692c0dbd5220b42021-12-20 15:53:38.925root 11241100x8000000000000000753893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713485231709014b2021-12-20 15:53:38.926root 11241100x8000000000000000753894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eea6f5d5f685cd2021-12-20 15:53:38.926root 11241100x8000000000000000753895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4ee8b4be938f92021-12-20 15:53:38.926root 11241100x8000000000000000753896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0894cf735359f2b62021-12-20 15:53:38.926root 11241100x8000000000000000753897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa7e692d5e70cf2021-12-20 15:53:38.926root 11241100x8000000000000000753898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2101a0e41dbda32021-12-20 15:53:38.926root 11241100x8000000000000000753899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e15bda38e9c3592021-12-20 15:53:38.926root 11241100x8000000000000000753900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f193932e7956482021-12-20 15:53:38.926root 11241100x8000000000000000753901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ed65f0c9d0e032021-12-20 15:53:38.926root 11241100x8000000000000000753902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad731ec552465d02021-12-20 15:53:38.926root 11241100x8000000000000000753903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257facded31a011e2021-12-20 15:53:38.926root 11241100x8000000000000000753904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee177e6b3bbecfeb2021-12-20 15:53:38.926root 11241100x8000000000000000753905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7aed2a74af2b22021-12-20 15:53:38.926root 11241100x8000000000000000753906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca215f37d71dc3b2021-12-20 15:53:38.926root 11241100x8000000000000000753907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc2860daafca5ae2021-12-20 15:53:38.927root 11241100x8000000000000000753908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9ca81e2fecd0d52021-12-20 15:53:38.927root 11241100x8000000000000000753909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c924492a7e89d1a2021-12-20 15:53:38.927root 11241100x8000000000000000753910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992e0ae0de79ddfc2021-12-20 15:53:38.927root 11241100x8000000000000000753911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a05114fb00ec18f2021-12-20 15:53:38.927root 11241100x8000000000000000753912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4930caa5b76d702a2021-12-20 15:53:38.927root 11241100x8000000000000000753913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7605701e07885c6d2021-12-20 15:53:38.928root 11241100x8000000000000000753914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d9a02e79006ec2021-12-20 15:53:38.928root 11241100x8000000000000000753915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105214558a0762d62021-12-20 15:53:38.928root 11241100x8000000000000000753916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ffb2ab03914052021-12-20 15:53:38.928root 11241100x8000000000000000753917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3eb2a39b2629982021-12-20 15:53:38.928root 11241100x8000000000000000753918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34eef71215d81a42021-12-20 15:53:38.928root 11241100x8000000000000000753919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251dcca927a9a782021-12-20 15:53:38.928root 11241100x8000000000000000753920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9cce60eff41512021-12-20 15:53:38.928root 11241100x8000000000000000753921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8043276ecdb1f8b2021-12-20 15:53:38.928root 11241100x8000000000000000753922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21f89689b288a72021-12-20 15:53:38.928root 11241100x8000000000000000753923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb273c8caa2872332021-12-20 15:53:38.929root 11241100x8000000000000000753924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460d58182df24cdd2021-12-20 15:53:38.929root 11241100x8000000000000000753925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5b29adb8e37e52021-12-20 15:53:38.929root 11241100x8000000000000000753926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee46883dd9eaa72021-12-20 15:53:38.929root 23542300x8000000000000000753927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.072{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000753928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f69107e0f2aa302021-12-20 15:53:39.424root 11241100x8000000000000000753929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf6a71e0b0888b2021-12-20 15:53:39.424root 11241100x8000000000000000753930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e63e84bb8fe2282021-12-20 15:53:39.424root 11241100x8000000000000000753931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a524ebfc03534feb2021-12-20 15:53:39.424root 11241100x8000000000000000753932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07cef1a0de348a02021-12-20 15:53:39.425root 11241100x8000000000000000753933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed97e2dc38cfee52021-12-20 15:53:39.425root 11241100x8000000000000000753934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9987664235d6f42021-12-20 15:53:39.425root 11241100x8000000000000000753935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330686b38583b58b2021-12-20 15:53:39.425root 11241100x8000000000000000753936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b75b7de89caf71d2021-12-20 15:53:39.425root 11241100x8000000000000000753937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d23ce643b4e67932021-12-20 15:53:39.425root 11241100x8000000000000000753938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a4f52efbf2c152021-12-20 15:53:39.425root 11241100x8000000000000000753939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825608463fb5c54e2021-12-20 15:53:39.425root 11241100x8000000000000000753940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba293435c0fb4b42021-12-20 15:53:39.425root 11241100x8000000000000000753941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc57c9d291b69d862021-12-20 15:53:39.425root 11241100x8000000000000000753942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28304d01257d20e2021-12-20 15:53:39.425root 11241100x8000000000000000753943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efe3b1ef73a8c682021-12-20 15:53:39.426root 11241100x8000000000000000753944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e8d2e8c5a0a142021-12-20 15:53:39.426root 11241100x8000000000000000753945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c31a192f7b3132021-12-20 15:53:39.426root 11241100x8000000000000000753946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721da4fdf0d854d2021-12-20 15:53:39.426root 11241100x8000000000000000753947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c3d22bb39e2882021-12-20 15:53:39.426root 11241100x8000000000000000753948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a51028b9047e8242021-12-20 15:53:39.426root 11241100x8000000000000000753949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769772df333338442021-12-20 15:53:39.426root 11241100x8000000000000000753950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a32235badf2f9192021-12-20 15:53:39.426root 11241100x8000000000000000753951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329976f8daa12c4c2021-12-20 15:53:39.426root 11241100x8000000000000000753952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5ce4fd76063aff2021-12-20 15:53:39.426root 11241100x8000000000000000753953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a58dba7a4184ef32021-12-20 15:53:39.426root 11241100x8000000000000000753954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e99269be445dd2b2021-12-20 15:53:39.426root 11241100x8000000000000000753955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766b42c473fb3532021-12-20 15:53:39.426root 11241100x8000000000000000753956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ac860de8f7ab912021-12-20 15:53:39.427root 11241100x8000000000000000753957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69674636ef066d902021-12-20 15:53:39.427root 11241100x8000000000000000753958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e78151df30b742021-12-20 15:53:39.427root 11241100x8000000000000000753959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fac395254e39aaf2021-12-20 15:53:39.427root 11241100x8000000000000000753960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e9e05efc9e8b872021-12-20 15:53:39.427root 11241100x8000000000000000753961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362ae009964eced52021-12-20 15:53:39.427root 11241100x8000000000000000753962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8e74fdaf7721312021-12-20 15:53:39.427root 11241100x8000000000000000753963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6824aec960c29e4d2021-12-20 15:53:39.427root 11241100x8000000000000000753964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14628cb6867070f2021-12-20 15:53:39.427root 11241100x8000000000000000753965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614f42a54a0761e12021-12-20 15:53:39.427root 11241100x8000000000000000753966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b135c95c9fc899722021-12-20 15:53:39.427root 11241100x8000000000000000753967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95fd433d0b546202021-12-20 15:53:39.427root 11241100x8000000000000000753968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb6288aff4deee2021-12-20 15:53:39.428root 11241100x8000000000000000753969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98645bf4ffde7d2021-12-20 15:53:39.428root 11241100x8000000000000000753970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b552de0df75d5752021-12-20 15:53:39.428root 11241100x8000000000000000753971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79965b747e6a582021-12-20 15:53:39.428root 11241100x8000000000000000753972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc6c9be12987d892021-12-20 15:53:39.428root 11241100x8000000000000000753973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eb6da40e345b592021-12-20 15:53:39.428root 11241100x8000000000000000753974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d14cbc913538c2021-12-20 15:53:39.428root 11241100x8000000000000000753975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4f10129b3cf012021-12-20 15:53:39.428root 11241100x8000000000000000753976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8b5150dcc693b2021-12-20 15:53:39.428root 11241100x8000000000000000753977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395b09f32be43cab2021-12-20 15:53:39.428root 11241100x8000000000000000753978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72fcd3725313e782021-12-20 15:53:39.428root 11241100x8000000000000000753979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412d899124788f912021-12-20 15:53:39.429root 11241100x8000000000000000753980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cd96d21eccbda62021-12-20 15:53:39.429root 11241100x8000000000000000753981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c21c5a8d0fdf262021-12-20 15:53:39.429root 11241100x8000000000000000753982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989998a723eb88692021-12-20 15:53:39.429root 11241100x8000000000000000753983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ad3aa4b321dbb2021-12-20 15:53:39.429root 11241100x8000000000000000753984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c76f2af08306d82021-12-20 15:53:39.429root 11241100x8000000000000000753985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c50697dc4c2fac2021-12-20 15:53:39.429root 11241100x8000000000000000753986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a5ced754228c12021-12-20 15:53:39.429root 11241100x8000000000000000753987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29df3d1b77e612f32021-12-20 15:53:39.429root 11241100x8000000000000000753988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc74493c3fbb7fe2021-12-20 15:53:39.430root 11241100x8000000000000000753989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b6d62232be422d2021-12-20 15:53:39.430root 11241100x8000000000000000753990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc374b98873c7642021-12-20 15:53:39.430root 11241100x8000000000000000753991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3846f476deded3182021-12-20 15:53:39.430root 11241100x8000000000000000753992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690fe1272177b2d92021-12-20 15:53:39.430root 11241100x8000000000000000753993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a7c6487220ae92021-12-20 15:53:39.430root 11241100x8000000000000000753994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3b2578d8094b952021-12-20 15:53:39.430root 11241100x8000000000000000753995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c57ae00298f579a2021-12-20 15:53:39.430root 11241100x8000000000000000753996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e143b56341fecba2021-12-20 15:53:39.431root 11241100x8000000000000000753997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c17243052453e42021-12-20 15:53:39.431root 11241100x8000000000000000753998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffc565085345a272021-12-20 15:53:39.431root 11241100x8000000000000000753999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ff715e84cd7882021-12-20 15:53:39.431root 11241100x8000000000000000754000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcacc1677c1858d2021-12-20 15:53:39.431root 11241100x8000000000000000754001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97cab72a5d8d9ed2021-12-20 15:53:39.431root 11241100x8000000000000000754002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121a14f54faf2f22021-12-20 15:53:39.431root 11241100x8000000000000000754003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0cc2abcf3228ea2021-12-20 15:53:39.431root 11241100x8000000000000000754004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ba7623247f02c2021-12-20 15:53:39.432root 11241100x8000000000000000754005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296fb0b502f9b732021-12-20 15:53:39.432root 11241100x8000000000000000754006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bf817173c012a92021-12-20 15:53:39.432root 11241100x8000000000000000754007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22137274aeab9d6f2021-12-20 15:53:39.432root 11241100x8000000000000000754008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97499309efe2e152021-12-20 15:53:39.433root 11241100x8000000000000000754009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d0f91d3046a4892021-12-20 15:53:39.433root 11241100x8000000000000000754010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a32460009e8a72021-12-20 15:53:39.433root 11241100x8000000000000000754011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2de3567336394f52021-12-20 15:53:39.433root 11241100x8000000000000000754012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1d230c4b5cbb7f2021-12-20 15:53:39.433root 11241100x8000000000000000754013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b520e75ea8423a2021-12-20 15:53:39.434root 11241100x8000000000000000754014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c0b5724b1190882021-12-20 15:53:39.434root 11241100x8000000000000000754015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1468a9b67afe58b2021-12-20 15:53:39.434root 11241100x8000000000000000754016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de2240dba3102d92021-12-20 15:53:39.434root 11241100x8000000000000000754017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad33c0b08031f462021-12-20 15:53:39.435root 11241100x8000000000000000754018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead6ee843ad75982021-12-20 15:53:39.435root 11241100x8000000000000000754019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d2bc66d65aa5c22021-12-20 15:53:39.435root 11241100x8000000000000000754020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048ef1f4237395e2021-12-20 15:53:39.435root 11241100x8000000000000000754021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe708bd47136e2c2021-12-20 15:53:39.435root 11241100x8000000000000000754022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8b4eaf0396c17a2021-12-20 15:53:39.435root 11241100x8000000000000000754023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd751235404c6092021-12-20 15:53:39.435root 11241100x8000000000000000754024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d04ad486bca26662021-12-20 15:53:39.436root 11241100x8000000000000000754025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5afff42d5326a42021-12-20 15:53:39.436root 11241100x8000000000000000754026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb1aa23bffaa7942021-12-20 15:53:39.436root 11241100x8000000000000000754027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4200bcacd31d52021-12-20 15:53:39.436root 11241100x8000000000000000754028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f779e0b765f2d52021-12-20 15:53:39.436root 11241100x8000000000000000754029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9979128a85f882021-12-20 15:53:39.436root 11241100x8000000000000000754030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b248497c818592b2021-12-20 15:53:39.436root 11241100x8000000000000000754031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9456184860e58242021-12-20 15:53:39.436root 11241100x8000000000000000754032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d55946f890c7fa2021-12-20 15:53:39.436root 11241100x8000000000000000754033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6c6fe682a70b842021-12-20 15:53:39.436root 11241100x8000000000000000754034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b229a177c2d392021-12-20 15:53:39.436root 11241100x8000000000000000754035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a435f28fdbb8edd2021-12-20 15:53:39.437root 11241100x8000000000000000754036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b3b61505a929b2021-12-20 15:53:39.437root 11241100x8000000000000000754037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a75284a3346c272021-12-20 15:53:39.437root 11241100x8000000000000000754038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779eca626af57bdb2021-12-20 15:53:39.437root 11241100x8000000000000000754039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9be4165e4ea4ff2021-12-20 15:53:39.437root 11241100x8000000000000000754040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e96409b72c228be2021-12-20 15:53:39.437root 11241100x8000000000000000754041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7e917923316f92021-12-20 15:53:39.437root 11241100x8000000000000000754042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beab4ef79b31b1642021-12-20 15:53:39.437root 11241100x8000000000000000754043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d7038067ff84eb2021-12-20 15:53:39.437root 11241100x8000000000000000754044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1039f7d9cb2f6b02021-12-20 15:53:39.437root 11241100x8000000000000000754045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874ae07ea67d25e42021-12-20 15:53:39.437root 11241100x8000000000000000754046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e32619dc15156c2021-12-20 15:53:39.437root 11241100x8000000000000000754047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7380826d8eb1f22021-12-20 15:53:39.437root 11241100x8000000000000000754048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362a7a9df86cc41a2021-12-20 15:53:39.437root 11241100x8000000000000000754049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4c3946d665b0122021-12-20 15:53:39.437root 11241100x8000000000000000754050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b964460e477c27a72021-12-20 15:53:39.924root 11241100x8000000000000000754051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37792985a546d9f2021-12-20 15:53:39.924root 11241100x8000000000000000754052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1d05af6d2d1ed2021-12-20 15:53:39.924root 11241100x8000000000000000754053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f9a916374e87572021-12-20 15:53:39.924root 11241100x8000000000000000754054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddb52b9521ed8022021-12-20 15:53:39.925root 11241100x8000000000000000754055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85833038a2e022022021-12-20 15:53:39.925root 11241100x8000000000000000754056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f093f4be7537e1de2021-12-20 15:53:39.925root 11241100x8000000000000000754057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194c9931997b2ea32021-12-20 15:53:39.925root 11241100x8000000000000000754058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275dbcc3eeaadd62021-12-20 15:53:39.925root 11241100x8000000000000000754059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e4e2479e44c3642021-12-20 15:53:39.925root 11241100x8000000000000000754060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce131ecf58db9422021-12-20 15:53:39.925root 11241100x8000000000000000754061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ef77c8d4735802021-12-20 15:53:39.925root 11241100x8000000000000000754062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dba31ae9d87def62021-12-20 15:53:39.925root 11241100x8000000000000000754063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bda6f943d617e582021-12-20 15:53:39.925root 11241100x8000000000000000754064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf5bdc3c6c46ef2021-12-20 15:53:39.926root 11241100x8000000000000000754065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d441a55156bce72021-12-20 15:53:39.926root 11241100x8000000000000000754066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0f71b4b2bb1312021-12-20 15:53:39.926root 11241100x8000000000000000754067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26accd0bbbf9bcd32021-12-20 15:53:39.926root 11241100x8000000000000000754068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69f8f0d98358c522021-12-20 15:53:39.926root 11241100x8000000000000000754069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a3937b230bc112021-12-20 15:53:39.926root 11241100x8000000000000000754070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645a145a8cdb27d2021-12-20 15:53:39.926root 11241100x8000000000000000754071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e5a3b2112d2f02021-12-20 15:53:39.926root 11241100x8000000000000000754072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec8c3820334c202021-12-20 15:53:39.926root 11241100x8000000000000000754073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40981a6cff394972021-12-20 15:53:39.926root 11241100x8000000000000000754074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d9df088b09ca982021-12-20 15:53:39.926root 11241100x8000000000000000754075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8733c31747c8d2021-12-20 15:53:39.927root 11241100x8000000000000000754076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241e0c2b0f3b7b92021-12-20 15:53:39.927root 11241100x8000000000000000754077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8142a82a0c298b42021-12-20 15:53:39.927root 11241100x8000000000000000754078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ae67ea6add6f22021-12-20 15:53:39.927root 11241100x8000000000000000754079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5199344610afa2021-12-20 15:53:39.927root 11241100x8000000000000000754080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5a3d15cd25d8632021-12-20 15:53:39.927root 11241100x8000000000000000754081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b288d64c52a4e832021-12-20 15:53:39.927root 11241100x8000000000000000754082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a7269a5a520222021-12-20 15:53:39.927root 11241100x8000000000000000754083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4fd47eee3e1b702021-12-20 15:53:39.927root 11241100x8000000000000000754084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31bd9aae442ffe82021-12-20 15:53:39.927root 11241100x8000000000000000754085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5ea3dfa0576612021-12-20 15:53:39.928root 11241100x8000000000000000754086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2717235d0ebef22021-12-20 15:53:39.928root 11241100x8000000000000000754087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac4ed8d48608bbb2021-12-20 15:53:39.928root 11241100x8000000000000000754088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0645c3d648dde9482021-12-20 15:53:39.929root 11241100x8000000000000000754089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4073777240a95212021-12-20 15:53:39.929root 11241100x8000000000000000754090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e89c84bedb3a93d2021-12-20 15:53:39.929root 11241100x8000000000000000754091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f577f396e6443cee2021-12-20 15:53:39.929root 11241100x8000000000000000754092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa887b37c02784f2021-12-20 15:53:39.929root 11241100x8000000000000000754093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922817021df9d9d92021-12-20 15:53:39.929root 11241100x8000000000000000754094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a3208d9c53abcd2021-12-20 15:53:39.929root 11241100x8000000000000000754095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bded546154e9c0a2021-12-20 15:53:39.929root 11241100x8000000000000000754096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e4a6d24ff03562021-12-20 15:53:39.929root 11241100x8000000000000000754097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be0c0fdf62587872021-12-20 15:53:39.930root 11241100x8000000000000000754098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2347291f629f8f5f2021-12-20 15:53:39.930root 11241100x8000000000000000754099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d675af96c982f0722021-12-20 15:53:39.930root 11241100x8000000000000000754100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f399c4ca65cd2fd42021-12-20 15:53:39.930root 11241100x8000000000000000754101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3291edf33ecfcfd2021-12-20 15:53:39.930root 11241100x8000000000000000754102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ee9a39db7cfa82021-12-20 15:53:39.930root 11241100x8000000000000000754103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de9f7e1be0ddcd2021-12-20 15:53:39.930root 11241100x8000000000000000754104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bd39cab9e630b42021-12-20 15:53:39.931root 11241100x8000000000000000754105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb55ca86355f2e2021-12-20 15:53:39.931root 11241100x8000000000000000754106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813587459d1c62ee2021-12-20 15:53:39.931root 11241100x8000000000000000754107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b096cdfea33a51e2021-12-20 15:53:39.931root 11241100x8000000000000000754108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6761486b0ed8b2021-12-20 15:53:39.931root 11241100x8000000000000000754109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5dd286e386c02c2021-12-20 15:53:39.931root 11241100x8000000000000000754110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e27cebcc9281062021-12-20 15:53:39.931root 11241100x8000000000000000754111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131766e7ec8278112021-12-20 15:53:39.931root 11241100x8000000000000000754112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b97de65a257b562021-12-20 15:53:39.931root 11241100x8000000000000000754113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d661fc4a76840a2021-12-20 15:53:39.932root 11241100x8000000000000000754114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2951a4fa0fad532021-12-20 15:53:39.932root 11241100x8000000000000000754115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2636e3ee8bae97e22021-12-20 15:53:39.932root 11241100x8000000000000000754116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6811c6024f319522021-12-20 15:53:39.932root 11241100x8000000000000000754117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf736a1858981672021-12-20 15:53:39.933root 11241100x8000000000000000754118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a371181d256fb2021-12-20 15:53:39.933root 11241100x8000000000000000754119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d9676a4e3b9432021-12-20 15:53:39.933root 11241100x8000000000000000754120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755313e90eafd4272021-12-20 15:53:39.933root 11241100x8000000000000000754121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea91866073d14a92021-12-20 15:53:39.933root 11241100x8000000000000000754122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e7e4c1e38edbf2021-12-20 15:53:39.934root 11241100x8000000000000000754123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d08c1c4c0ccecc2021-12-20 15:53:39.934root 11241100x8000000000000000754124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466e1d152ee993ff2021-12-20 15:53:39.934root 11241100x8000000000000000754125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd196c5898a51162021-12-20 15:53:39.934root 11241100x8000000000000000754126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f83003f9151a482021-12-20 15:53:39.934root 11241100x8000000000000000754127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f9469b9636828e2021-12-20 15:53:39.934root 11241100x8000000000000000754128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff372be7156bf2db2021-12-20 15:53:39.934root 11241100x8000000000000000754129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18cd073e4bbd3da2021-12-20 15:53:39.935root 11241100x8000000000000000754130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41935384d9480b912021-12-20 15:53:39.935root 11241100x8000000000000000754131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb91abf4749c4e72021-12-20 15:53:39.935root 11241100x8000000000000000754132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba882ce1bb44e62021-12-20 15:53:39.935root 11241100x8000000000000000754133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1540b1c80dfbc4f2021-12-20 15:53:39.935root 11241100x8000000000000000754134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6fc680119b17ae2021-12-20 15:53:39.935root 11241100x8000000000000000754135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597cbec97e209d5a2021-12-20 15:53:39.935root 11241100x8000000000000000754136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7182a42e85779b8b2021-12-20 15:53:39.935root 11241100x8000000000000000754137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59d65c71ea75552021-12-20 15:53:39.935root 11241100x8000000000000000754138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679a8a431068f98c2021-12-20 15:53:39.935root 11241100x8000000000000000754139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd80a3ade66eaf2021-12-20 15:53:39.935root 11241100x8000000000000000754140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288d345306c65542021-12-20 15:53:39.936root 354300x8000000000000000754141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.016{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51336-false10.0.1.12-8000- 11241100x8000000000000000754142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cdeb1dbccfc6882021-12-20 15:53:40.424root 11241100x8000000000000000754143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33bff9d120b8b002021-12-20 15:53:40.425root 11241100x8000000000000000754144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041ab473b75ef7b22021-12-20 15:53:40.425root 11241100x8000000000000000754145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13690a285caef332021-12-20 15:53:40.425root 11241100x8000000000000000754146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7315732b23b3b242021-12-20 15:53:40.425root 11241100x8000000000000000754147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef16044a498f88b2021-12-20 15:53:40.425root 11241100x8000000000000000754148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42158b0925b5b2c82021-12-20 15:53:40.425root 11241100x8000000000000000754149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfde5f275fcbc10c2021-12-20 15:53:40.425root 11241100x8000000000000000754150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42df2a696513b26b2021-12-20 15:53:40.425root 11241100x8000000000000000754151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab25376468455e82021-12-20 15:53:40.426root 11241100x8000000000000000754152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8f8fa464562822021-12-20 15:53:40.426root 11241100x8000000000000000754153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd35940114332ac42021-12-20 15:53:40.426root 11241100x8000000000000000754154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485be772418158742021-12-20 15:53:40.426root 11241100x8000000000000000754155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7195e989e574c22021-12-20 15:53:40.426root 11241100x8000000000000000754156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a575fb3d3fc94e2021-12-20 15:53:40.426root 11241100x8000000000000000754157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afaa09bf6bd6e222021-12-20 15:53:40.426root 11241100x8000000000000000754158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da829e792d81d2472021-12-20 15:53:40.427root 11241100x8000000000000000754159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a25f290cd9e4492021-12-20 15:53:40.427root 11241100x8000000000000000754160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abee8d805f0466b82021-12-20 15:53:40.427root 11241100x8000000000000000754161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a237993f763a952021-12-20 15:53:40.427root 11241100x8000000000000000754162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a1ee27a6ece5362021-12-20 15:53:40.427root 11241100x8000000000000000754163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd81323b8dbafa02021-12-20 15:53:40.427root 11241100x8000000000000000754164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f44b14ed747442021-12-20 15:53:40.427root 11241100x8000000000000000754165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790969498891f5272021-12-20 15:53:40.427root 11241100x8000000000000000754166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e3492a68c1e5d22021-12-20 15:53:40.427root 11241100x8000000000000000754167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb6d53c5556cc32021-12-20 15:53:40.427root 11241100x8000000000000000754168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c12f24430c28bcc2021-12-20 15:53:40.427root 11241100x8000000000000000754169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf9db129702aa72021-12-20 15:53:40.428root 11241100x8000000000000000754170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33f4068a3731072021-12-20 15:53:40.428root 11241100x8000000000000000754171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f279a7acd0fb62021-12-20 15:53:40.428root 11241100x8000000000000000754172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96d861d7237f792021-12-20 15:53:40.428root 11241100x8000000000000000754173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400917e1b2e341432021-12-20 15:53:40.428root 11241100x8000000000000000754174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf2a7b60c4d865a2021-12-20 15:53:40.428root 11241100x8000000000000000754175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3be5b6b6f280e82021-12-20 15:53:40.428root 11241100x8000000000000000754176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e5e2d015f04aff2021-12-20 15:53:40.428root 11241100x8000000000000000754177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53a7f5f4d64b692021-12-20 15:53:40.428root 11241100x8000000000000000754178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca079ef49831aa2021-12-20 15:53:40.428root 11241100x8000000000000000754179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d901a788050bf92021-12-20 15:53:40.428root 11241100x8000000000000000754180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23a250f488e08a82021-12-20 15:53:40.429root 11241100x8000000000000000754181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d946b9ec5884aff2021-12-20 15:53:40.429root 11241100x8000000000000000754182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760be9826dccc1b32021-12-20 15:53:40.429root 11241100x8000000000000000754183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d356746b2b09e32021-12-20 15:53:40.429root 11241100x8000000000000000754184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5595f878923179812021-12-20 15:53:40.429root 11241100x8000000000000000754185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f1f93bd1a035272021-12-20 15:53:40.429root 11241100x8000000000000000754186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bca7eb14441c272021-12-20 15:53:40.429root 11241100x8000000000000000754187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940e918393abff352021-12-20 15:53:40.429root 11241100x8000000000000000754188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e938b0570d9282021-12-20 15:53:40.429root 11241100x8000000000000000754189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0233cb69453a1ff42021-12-20 15:53:40.429root 11241100x8000000000000000754190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2515ecd09df5e20c2021-12-20 15:53:40.429root 11241100x8000000000000000754191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df1e420d23a08a2021-12-20 15:53:40.429root 11241100x8000000000000000754192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106b436f6263b4a42021-12-20 15:53:40.430root 11241100x8000000000000000754193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b6bc7a4860a8572021-12-20 15:53:40.430root 11241100x8000000000000000754194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9561ca132816685a2021-12-20 15:53:40.430root 11241100x8000000000000000754195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f585d1ec91259e2021-12-20 15:53:40.430root 11241100x8000000000000000754196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6bb801715e92632021-12-20 15:53:40.430root 11241100x8000000000000000754197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e9a637e5f1c45e2021-12-20 15:53:40.430root 11241100x8000000000000000754198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0b12c806537da72021-12-20 15:53:40.430root 11241100x8000000000000000754199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4d13bcfcfb32d2021-12-20 15:53:40.430root 11241100x8000000000000000754200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f2b13ae8597c32021-12-20 15:53:40.430root 11241100x8000000000000000754201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8c2aa75d8cce882021-12-20 15:53:40.430root 11241100x8000000000000000754202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c1038e753ae3592021-12-20 15:53:40.430root 11241100x8000000000000000754203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1375453e2f0af2021-12-20 15:53:40.431root 11241100x8000000000000000754204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74af1c1b9da451992021-12-20 15:53:40.431root 11241100x8000000000000000754205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb601d21e4edc5712021-12-20 15:53:40.431root 11241100x8000000000000000754206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc75520742fd9f2021-12-20 15:53:40.431root 11241100x8000000000000000754207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4f20e304d9492021-12-20 15:53:40.431root 11241100x8000000000000000754208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b021ddf7309668712021-12-20 15:53:40.431root 11241100x8000000000000000754209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b57ba37b94596da2021-12-20 15:53:40.431root 11241100x8000000000000000754210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79504172c63af38b2021-12-20 15:53:40.431root 11241100x8000000000000000754211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7663e8ee4b6b962021-12-20 15:53:40.924root 11241100x8000000000000000754212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c406d5ca414c9092021-12-20 15:53:40.924root 11241100x8000000000000000754213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07125c4002f687b2021-12-20 15:53:40.924root 11241100x8000000000000000754214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116a1baee20162842021-12-20 15:53:40.925root 11241100x8000000000000000754215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd0e2639518688f2021-12-20 15:53:40.925root 11241100x8000000000000000754216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60666462a80cf5362021-12-20 15:53:40.925root 11241100x8000000000000000754217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ec3fbebcbb0032021-12-20 15:53:40.925root 11241100x8000000000000000754218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e6e40eda43a1cd2021-12-20 15:53:40.925root 11241100x8000000000000000754219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869117eeb142899f2021-12-20 15:53:40.925root 11241100x8000000000000000754220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be85aa1df514e892021-12-20 15:53:40.925root 11241100x8000000000000000754221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768be853d35a77402021-12-20 15:53:40.925root 11241100x8000000000000000754222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbadb311a20cfebe2021-12-20 15:53:40.925root 11241100x8000000000000000754223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348f1892512e5e432021-12-20 15:53:40.925root 11241100x8000000000000000754224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70963042833eea332021-12-20 15:53:40.926root 11241100x8000000000000000754225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef3e6572b936cfb2021-12-20 15:53:40.926root 11241100x8000000000000000754226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d472adad9715182021-12-20 15:53:40.926root 11241100x8000000000000000754227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1141a40b1550c7a42021-12-20 15:53:40.926root 11241100x8000000000000000754228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc41030a5c70d452021-12-20 15:53:40.926root 11241100x8000000000000000754229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382e84cf64767d62021-12-20 15:53:40.926root 11241100x8000000000000000754230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af9ff9c324d95d22021-12-20 15:53:40.926root 11241100x8000000000000000754231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6ce1a1c05bf6182021-12-20 15:53:40.926root 11241100x8000000000000000754232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57552da95d1fafb32021-12-20 15:53:40.926root 11241100x8000000000000000754233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc521f90d530e4fe2021-12-20 15:53:40.926root 11241100x8000000000000000754234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e67aca90b358f042021-12-20 15:53:40.926root 11241100x8000000000000000754235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e717bb7b983eec2021-12-20 15:53:40.926root 11241100x8000000000000000754236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb1a826ef2aa0e2021-12-20 15:53:40.926root 11241100x8000000000000000754237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8763d7252a14b1f52021-12-20 15:53:40.926root 11241100x8000000000000000754238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd9ff53206d16302021-12-20 15:53:40.926root 11241100x8000000000000000754239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4054d58ddca04a7e2021-12-20 15:53:40.927root 11241100x8000000000000000754240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d0aa68cf0f94632021-12-20 15:53:40.927root 11241100x8000000000000000754241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24664179cd8d982021-12-20 15:53:40.927root 11241100x8000000000000000754242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6f81b2a4fd18a52021-12-20 15:53:40.927root 11241100x8000000000000000754243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afcddc8649eeba92021-12-20 15:53:40.927root 11241100x8000000000000000754244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8b3bd3c3be8e12021-12-20 15:53:40.927root 11241100x8000000000000000754245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffd350ba6dae01d2021-12-20 15:53:40.927root 11241100x8000000000000000754246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b52588bac367d2021-12-20 15:53:40.927root 11241100x8000000000000000754247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6194ba9f3e6c4302021-12-20 15:53:40.927root 11241100x8000000000000000754248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902e0fdc3a17bec82021-12-20 15:53:40.927root 11241100x8000000000000000754249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bb4880d179299c2021-12-20 15:53:40.927root 11241100x8000000000000000754250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df7656a4e42caa02021-12-20 15:53:40.927root 11241100x8000000000000000754251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3181092288119cf02021-12-20 15:53:40.928root 11241100x8000000000000000754252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de14b6a7394bf6742021-12-20 15:53:40.928root 11241100x8000000000000000754253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffa0b207bc63dd22021-12-20 15:53:40.928root 11241100x8000000000000000754254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2629e2b14f9361892021-12-20 15:53:40.929root 11241100x8000000000000000754255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98061c34d9482e6a2021-12-20 15:53:40.929root 11241100x8000000000000000754256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf230c5949495ea2021-12-20 15:53:40.929root 11241100x8000000000000000754257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517979542eb3316f2021-12-20 15:53:40.930root 11241100x8000000000000000754258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ba5ff44a265d02021-12-20 15:53:40.930root 11241100x8000000000000000754259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d489ec67d6ea02d2021-12-20 15:53:40.931root 11241100x8000000000000000754260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6962dd34a554f72021-12-20 15:53:40.931root 11241100x8000000000000000754261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e26d6ac4fa36e82021-12-20 15:53:40.931root 11241100x8000000000000000754262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259a347196cd4c72021-12-20 15:53:40.932root 11241100x8000000000000000754263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7bedbe8f8f2c412021-12-20 15:53:40.932root 11241100x8000000000000000754264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5bd5b8590a82912021-12-20 15:53:40.932root 11241100x8000000000000000754265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784c358c4a433b92021-12-20 15:53:40.935root 11241100x8000000000000000754266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3130eb385cf3bf9d2021-12-20 15:53:40.935root 11241100x8000000000000000754267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f416a82cb4065bfb2021-12-20 15:53:40.935root 11241100x8000000000000000754268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6fdd95ecdebe332021-12-20 15:53:40.935root 11241100x8000000000000000754269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94981c7cdbf89e8f2021-12-20 15:53:40.935root 11241100x8000000000000000754270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4908f633150cc52021-12-20 15:53:40.935root 11241100x8000000000000000754271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7c468ba46333a42021-12-20 15:53:40.935root 11241100x8000000000000000754272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055679ff9d3e1f0a2021-12-20 15:53:40.936root 11241100x8000000000000000754273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98a2a2f5767a45d2021-12-20 15:53:40.936root 11241100x8000000000000000754274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846353dc05e475a02021-12-20 15:53:40.937root 11241100x8000000000000000754275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23da67b5bc9928682021-12-20 15:53:40.937root 11241100x8000000000000000754276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac2b375795ebbec2021-12-20 15:53:40.937root 11241100x8000000000000000754277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4d236ed435ba8f2021-12-20 15:53:40.937root 11241100x8000000000000000754278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c847a4fcf8211f2021-12-20 15:53:40.937root 11241100x8000000000000000754279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778046585b97fcbb2021-12-20 15:53:40.937root 11241100x8000000000000000754280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19554666e4e6b5b2021-12-20 15:53:40.938root 11241100x8000000000000000754281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7044dbab8b633e302021-12-20 15:53:40.938root 11241100x8000000000000000754282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d524167835582d82021-12-20 15:53:40.939root 11241100x8000000000000000754283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a9b9b8582018b2021-12-20 15:53:40.939root 11241100x8000000000000000754284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6818858c306f9d2021-12-20 15:53:40.939root 11241100x8000000000000000754285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2e416c2bebdd02021-12-20 15:53:40.939root 11241100x8000000000000000754286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aa987cfa7300572021-12-20 15:53:40.939root 11241100x8000000000000000754287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d391e880f046d7672021-12-20 15:53:40.939root 11241100x8000000000000000754288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee400bc64a7ac112021-12-20 15:53:40.940root 11241100x8000000000000000754289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a57bbcaec12b82021-12-20 15:53:40.941root 11241100x8000000000000000754290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027eba6dec5d94562021-12-20 15:53:40.941root 11241100x8000000000000000754291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35108b1f58b770e62021-12-20 15:53:40.941root 11241100x8000000000000000754292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b43f3b664ce182021-12-20 15:53:40.941root 11241100x8000000000000000754293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a96faa72ffa6ed2021-12-20 15:53:40.941root 11241100x8000000000000000754294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d618a76149617d12021-12-20 15:53:40.942root 11241100x8000000000000000754295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c557bc484ccd972021-12-20 15:53:40.942root 11241100x8000000000000000754296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78481241d9c064112021-12-20 15:53:40.942root 11241100x8000000000000000754297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0acc79238e85ab2021-12-20 15:53:40.942root 11241100x8000000000000000754298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb552a0e7c78fafd2021-12-20 15:53:40.943root 11241100x8000000000000000754299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f215c004319c35992021-12-20 15:53:40.943root 11241100x8000000000000000754300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33086179b22d265e2021-12-20 15:53:40.943root 11241100x8000000000000000754301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b958f434a5595e2d2021-12-20 15:53:40.943root 11241100x8000000000000000754302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6461a2d9d4d982021-12-20 15:53:40.943root 11241100x8000000000000000754303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a9ffebc3a414b42021-12-20 15:53:40.945root 11241100x8000000000000000754304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab138b1c4f9162e32021-12-20 15:53:40.945root 11241100x8000000000000000754305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4f93c519a72c42021-12-20 15:53:40.945root 11241100x8000000000000000754306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc98b2966be696c2021-12-20 15:53:40.945root 11241100x8000000000000000754307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff45e63ab4b57262021-12-20 15:53:40.945root 11241100x8000000000000000754308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ddceca70bff9a42021-12-20 15:53:40.945root 11241100x8000000000000000754309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e132de6f904219c2021-12-20 15:53:40.946root 11241100x8000000000000000754310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b954fea0f075b62021-12-20 15:53:40.946root 11241100x8000000000000000754311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8fdcc5eb95c0832021-12-20 15:53:40.946root 11241100x8000000000000000754312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54c31530215bc42021-12-20 15:53:40.946root 11241100x8000000000000000754313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a0f56d81ad1d92021-12-20 15:53:40.946root 11241100x8000000000000000754314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4c9cef3c8609f2021-12-20 15:53:40.947root 11241100x8000000000000000754315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf7135f09c154da2021-12-20 15:53:40.947root 11241100x8000000000000000754316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa5b7cb00758bd2021-12-20 15:53:40.948root 11241100x8000000000000000754317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63a60665e8968432021-12-20 15:53:40.949root 11241100x8000000000000000754318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6829e6c91c7e3fdc2021-12-20 15:53:40.950root 11241100x8000000000000000754319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91dbd84405cfa332021-12-20 15:53:40.950root 11241100x8000000000000000754320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42e7f4b022cd2d22021-12-20 15:53:40.950root 11241100x8000000000000000754321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afac5975e6786982021-12-20 15:53:40.950root 11241100x8000000000000000754322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d52673818bf5882021-12-20 15:53:40.951root 11241100x8000000000000000754323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e492c06c1476674e2021-12-20 15:53:40.951root 11241100x8000000000000000754324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee11e1257f19ce82021-12-20 15:53:40.951root 11241100x8000000000000000754325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de247d08e112a7e22021-12-20 15:53:40.951root 11241100x8000000000000000754326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f75995d65f9ad942021-12-20 15:53:40.953root 11241100x8000000000000000754327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f813127783e89d322021-12-20 15:53:40.954root 11241100x8000000000000000754328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eb496093a9644a2021-12-20 15:53:40.954root 11241100x8000000000000000754329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab124a70c7fa04352021-12-20 15:53:40.954root 11241100x8000000000000000754330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311a364260596682021-12-20 15:53:40.954root 11241100x8000000000000000754331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498f7cba1b6182852021-12-20 15:53:40.955root 11241100x8000000000000000754332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0072e2c788ec6e9c2021-12-20 15:53:40.955root 11241100x8000000000000000754333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d3f6557d87546d2021-12-20 15:53:40.955root 11241100x8000000000000000754334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732a38ef9f5cac552021-12-20 15:53:40.955root 11241100x8000000000000000754335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aca45868caacd52021-12-20 15:53:40.955root 11241100x8000000000000000754336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e35c8853aa6c372021-12-20 15:53:40.955root 11241100x8000000000000000754337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d585e80aae506a2021-12-20 15:53:40.955root 11241100x8000000000000000754338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6415ea547d3169bc2021-12-20 15:53:40.956root 11241100x8000000000000000754339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd921117eb3aaf62021-12-20 15:53:40.956root 11241100x8000000000000000754340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6dd30e2f2141e92021-12-20 15:53:40.956root 11241100x8000000000000000754341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d4e7a987f9261e2021-12-20 15:53:40.956root 11241100x8000000000000000754342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b49580c88f22bff2021-12-20 15:53:40.956root 11241100x8000000000000000754343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0639df1d0f5a7d2021-12-20 15:53:40.956root 11241100x8000000000000000754344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61234d6e9043bc2021-12-20 15:53:40.956root 11241100x8000000000000000754345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d06ccb8be542e2021-12-20 15:53:40.956root 11241100x8000000000000000754346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c4038ed7317992021-12-20 15:53:40.957root 11241100x8000000000000000754347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef78c9b4a0884f82021-12-20 15:53:40.957root 11241100x8000000000000000754348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef825e7d26989a6b2021-12-20 15:53:40.957root 11241100x8000000000000000754349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a956c7897a929232021-12-20 15:53:40.957root 11241100x8000000000000000754350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ed3c1ad4d2f4142021-12-20 15:53:40.957root 11241100x8000000000000000754351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d88430f2d5878c02021-12-20 15:53:40.957root 11241100x8000000000000000754352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf81707e7b8d35f42021-12-20 15:53:40.957root 11241100x8000000000000000754353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089c60c0379416292021-12-20 15:53:40.957root 11241100x8000000000000000754354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ea29df3bfe82332021-12-20 15:53:40.957root 11241100x8000000000000000754355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9fd0a7d986dd52021-12-20 15:53:40.957root 11241100x8000000000000000754356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df35fa134bf41e22021-12-20 15:53:40.957root 11241100x8000000000000000754357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f9f25bea7eae432021-12-20 15:53:40.957root 11241100x8000000000000000754358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8846a7b24aaff51c2021-12-20 15:53:40.957root 11241100x8000000000000000754359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aac2c6aa37263f32021-12-20 15:53:40.957root 11241100x8000000000000000754360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da651a667180ca2021-12-20 15:53:40.958root 11241100x8000000000000000754361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8231d42b5a7d9692021-12-20 15:53:40.958root 11241100x8000000000000000754362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7f83b1205abcc32021-12-20 15:53:40.958root 11241100x8000000000000000754363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24f9b86a97af8f2021-12-20 15:53:40.958root 11241100x8000000000000000754364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2fef1af5677a92021-12-20 15:53:40.958root 11241100x8000000000000000754365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6716bb359c3bc2372021-12-20 15:53:40.958root 11241100x8000000000000000754366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce51fd327673870e2021-12-20 15:53:40.958root 11241100x8000000000000000754367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3013446cdf354d2021-12-20 15:53:40.958root 11241100x8000000000000000754368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5054d49421dea7b2021-12-20 15:53:40.958root 11241100x8000000000000000754369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7522d9e8ce5e89f2021-12-20 15:53:40.958root 11241100x8000000000000000754370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76a7ca351de7f32021-12-20 15:53:40.958root 11241100x8000000000000000754371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93700b7faf502ba72021-12-20 15:53:40.958root 11241100x8000000000000000754372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d043c1452c6fad2021-12-20 15:53:40.958root 11241100x8000000000000000754373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee5b5fdfe2ea6c62021-12-20 15:53:40.958root 11241100x8000000000000000754374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de7b0e7a4452862021-12-20 15:53:40.959root 11241100x8000000000000000754375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5dfcba3090922021-12-20 15:53:40.959root 11241100x8000000000000000754376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f601c68d532b822021-12-20 15:53:40.959root 11241100x8000000000000000754377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3631b3138bfcd7a82021-12-20 15:53:40.959root 11241100x8000000000000000754378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd4409eb22ac6a2021-12-20 15:53:40.959root 11241100x8000000000000000754379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aceef55f6bc7d872021-12-20 15:53:40.959root 11241100x8000000000000000754380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a60e8f96e10e72021-12-20 15:53:40.959root 11241100x8000000000000000754381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517438c3bfb4b942021-12-20 15:53:40.959root 11241100x8000000000000000754382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc7343b20595872021-12-20 15:53:40.959root 11241100x8000000000000000754383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7153ac931d5ed2021-12-20 15:53:40.959root 11241100x8000000000000000754384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef3f5716d7262f12021-12-20 15:53:40.959root 11241100x8000000000000000754385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ce5847af424c12021-12-20 15:53:40.959root 11241100x8000000000000000754386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c264022ed2d048b2021-12-20 15:53:40.959root 11241100x8000000000000000754387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d917128ee0a70ca2021-12-20 15:53:40.959root 11241100x8000000000000000754388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f7d1ebbd433a382021-12-20 15:53:40.960root 11241100x8000000000000000754389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3545dff5f73255112021-12-20 15:53:40.960root 11241100x8000000000000000754390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a9e3c67478430c2021-12-20 15:53:40.960root 11241100x8000000000000000754391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45868bb4c78e5582021-12-20 15:53:40.960root 11241100x8000000000000000754392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74edabdc2ae75ef32021-12-20 15:53:40.960root 11241100x8000000000000000754393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f0e6c5659e2112021-12-20 15:53:40.960root 11241100x8000000000000000754394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68c8241eb298952021-12-20 15:53:40.960root 11241100x8000000000000000754395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242490dd54d8b5902021-12-20 15:53:40.960root 11241100x8000000000000000754396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14db2a98d4d166b2021-12-20 15:53:40.960root 11241100x8000000000000000754397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afefd7f07b2022ca2021-12-20 15:53:40.960root 11241100x8000000000000000754398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28cf9a2257008362021-12-20 15:53:40.961root 11241100x8000000000000000754399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e4f92e6dcb45e2021-12-20 15:53:40.961root 11241100x8000000000000000754400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a5f22f746248a42021-12-20 15:53:40.961root 11241100x8000000000000000754401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aff802ac9ae5c42021-12-20 15:53:40.961root 11241100x8000000000000000754402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35fbd5b40c12ef32021-12-20 15:53:40.961root 11241100x8000000000000000754403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b775d8afd1f57762021-12-20 15:53:40.961root 11241100x8000000000000000754404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb579816e073e0fb2021-12-20 15:53:40.961root 11241100x8000000000000000754405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0cd347dd177df62021-12-20 15:53:40.961root 11241100x8000000000000000754406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8cf0d09e82cdb22021-12-20 15:53:40.961root 11241100x8000000000000000754407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149a24a06d238b6d2021-12-20 15:53:40.961root 11241100x8000000000000000754408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e07024bab66aa932021-12-20 15:53:40.961root 11241100x8000000000000000754409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e30bd4e4dac412021-12-20 15:53:40.961root 11241100x8000000000000000754410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fedee5d9cea4c62021-12-20 15:53:40.961root 11241100x8000000000000000754411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e03c2b64e5868e2021-12-20 15:53:40.962root 11241100x8000000000000000754412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5586d3ee06fd42021-12-20 15:53:40.962root 11241100x8000000000000000754413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f8d3802693c5c02021-12-20 15:53:40.962root 11241100x8000000000000000754414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b45e579d3cc422021-12-20 15:53:40.962root 11241100x8000000000000000754415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ddf3e163637572021-12-20 15:53:40.962root 11241100x8000000000000000754416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ee8c6735c4e04a2021-12-20 15:53:40.962root 11241100x8000000000000000754417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34332efd525e17712021-12-20 15:53:40.962root 11241100x8000000000000000754418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5adcc0977fd09182021-12-20 15:53:40.962root 11241100x8000000000000000754419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cae36c3b23b982021-12-20 15:53:40.962root 11241100x8000000000000000754420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ee1817ff6ad692021-12-20 15:53:40.963root 11241100x8000000000000000754421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f28bf6c65a4b36e2021-12-20 15:53:40.963root 11241100x8000000000000000754422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd2dc61abe5337f2021-12-20 15:53:40.963root 11241100x8000000000000000754423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ecd3c0f20aefde2021-12-20 15:53:40.963root 11241100x8000000000000000754424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a10b2efcdedab2021-12-20 15:53:40.963root 11241100x8000000000000000754425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143e14d10927124c2021-12-20 15:53:40.963root 11241100x8000000000000000754426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e0e642f9255642021-12-20 15:53:40.963root 11241100x8000000000000000754427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ada7378991fcb82021-12-20 15:53:40.963root 11241100x8000000000000000754428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716b682a8d3d2ce12021-12-20 15:53:40.963root 11241100x8000000000000000754429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195cacfe41817662021-12-20 15:53:40.963root 11241100x8000000000000000754430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf116389a009239d2021-12-20 15:53:40.964root 11241100x8000000000000000754431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d06b6cfe932cb92021-12-20 15:53:40.964root 11241100x8000000000000000754432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa535f953a4ccf2021-12-20 15:53:40.964root 11241100x8000000000000000754433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8b62147107c662021-12-20 15:53:40.964root 11241100x8000000000000000754434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7b42aee890d95d2021-12-20 15:53:40.964root 11241100x8000000000000000754435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9506247727c78b22021-12-20 15:53:40.964root 11241100x8000000000000000754436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466edd33da0fabf2021-12-20 15:53:40.964root 11241100x8000000000000000754437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a96402689666ae2021-12-20 15:53:40.964root 11241100x8000000000000000754438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b96828992ab6c2021-12-20 15:53:40.964root 11241100x8000000000000000754439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1280f96011e1e12021-12-20 15:53:40.964root 11241100x8000000000000000754440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2999f0e2af63582021-12-20 15:53:40.965root 11241100x8000000000000000754441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b1edb85cf8c6d2021-12-20 15:53:40.965root 11241100x8000000000000000754442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2cca0766b756c2021-12-20 15:53:40.965root 11241100x8000000000000000754443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45775936a8df81f12021-12-20 15:53:40.965root 11241100x8000000000000000754444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903dfa52631e4da02021-12-20 15:53:40.965root 11241100x8000000000000000754445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7e3b6984756bdc2021-12-20 15:53:40.965root 11241100x8000000000000000754446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b2bed07e0c99e62021-12-20 15:53:40.965root 11241100x8000000000000000754447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1333906769c516922021-12-20 15:53:40.965root 11241100x8000000000000000754448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7d2f027dd17e842021-12-20 15:53:40.965root 11241100x8000000000000000754449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf2cd7b5a32fba2021-12-20 15:53:40.966root 11241100x8000000000000000754450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489897d85996cb42021-12-20 15:53:40.966root 11241100x8000000000000000754451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486817ec631955ec2021-12-20 15:53:40.966root 11241100x8000000000000000754452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b77e6fa833d8a42021-12-20 15:53:40.966root 11241100x8000000000000000754453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e526c1873becd2021-12-20 15:53:40.966root 11241100x8000000000000000754454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d627b7458e9dbd2021-12-20 15:53:40.966root 11241100x8000000000000000754455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c425fb13d5da1a62021-12-20 15:53:40.966root 11241100x8000000000000000754456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7ba2a343e3e3cd2021-12-20 15:53:40.967root 11241100x8000000000000000754457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a0ae8c903025a2021-12-20 15:53:40.967root 11241100x8000000000000000754458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0229d886ceb2142021-12-20 15:53:40.967root 11241100x8000000000000000754459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a3a712f3376c232021-12-20 15:53:40.967root 11241100x8000000000000000754460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be269889bfe3802021-12-20 15:53:40.967root 11241100x8000000000000000754461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7b83a1a43973a92021-12-20 15:53:40.967root 11241100x8000000000000000754462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8987b46516a202021-12-20 15:53:40.967root 11241100x8000000000000000754463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97d64148405a8bc2021-12-20 15:53:40.967root 11241100x8000000000000000754464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb819ab221c450df2021-12-20 15:53:40.968root 11241100x8000000000000000754465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1103cd6f7a76cc942021-12-20 15:53:40.968root 11241100x8000000000000000754466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a657627ff06be02021-12-20 15:53:40.968root 11241100x8000000000000000754467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26646ac21bcb0a72021-12-20 15:53:40.968root 11241100x8000000000000000754468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf6d6a7b75780b02021-12-20 15:53:40.968root 11241100x8000000000000000754469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aad0947496236922021-12-20 15:53:40.968root 11241100x8000000000000000754470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb562948ce2e7d032021-12-20 15:53:40.969root 11241100x8000000000000000754471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4214b0845c58aaa2021-12-20 15:53:40.969root 11241100x8000000000000000754472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0fac9434bb870c2021-12-20 15:53:40.969root 11241100x8000000000000000754473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74931957593885562021-12-20 15:53:40.969root 11241100x8000000000000000754474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b562817a126d542021-12-20 15:53:40.969root 11241100x8000000000000000754475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff134467c7948b2021-12-20 15:53:40.970root 11241100x8000000000000000754476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14cd09e614fa0dc2021-12-20 15:53:40.970root 11241100x8000000000000000754477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e67b607a382ab52021-12-20 15:53:40.970root 11241100x8000000000000000754478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048163a7372001b22021-12-20 15:53:40.970root 11241100x8000000000000000754479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4309d00acf6d230c2021-12-20 15:53:40.971root 11241100x8000000000000000754480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0b0d8f728da2952021-12-20 15:53:40.971root 11241100x8000000000000000754481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85bccbd8fb85a1c2021-12-20 15:53:40.971root 11241100x8000000000000000754482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128cff4efc28f1c52021-12-20 15:53:40.971root 11241100x8000000000000000754483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286b588ab4be44a92021-12-20 15:53:40.971root 11241100x8000000000000000754484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a9dbf58c388972021-12-20 15:53:40.971root 11241100x8000000000000000754485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2eab83035cbe162021-12-20 15:53:40.971root 11241100x8000000000000000754486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2391ebe31d508ae2021-12-20 15:53:40.972root 11241100x8000000000000000754487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9985f166507613272021-12-20 15:53:40.972root 11241100x8000000000000000754488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bda5c58c8afb002021-12-20 15:53:40.972root 11241100x8000000000000000754489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd80c6742e6d44ad2021-12-20 15:53:40.972root 11241100x8000000000000000754490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7ca7815020c2412021-12-20 15:53:40.972root 11241100x8000000000000000754491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144a42cdc5a692f2021-12-20 15:53:40.972root 11241100x8000000000000000754492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89536b9f9beea1e02021-12-20 15:53:40.973root 11241100x8000000000000000754493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286679288239cadd2021-12-20 15:53:40.973root 11241100x8000000000000000754494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628dfca6d823655e2021-12-20 15:53:40.973root 11241100x8000000000000000754495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b4207b4cbcade92021-12-20 15:53:40.973root 11241100x8000000000000000754496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a5761a607b305e2021-12-20 15:53:40.973root 11241100x8000000000000000754497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501953bd0c12bcf2021-12-20 15:53:40.973root 11241100x8000000000000000754498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed646a6d077a00f2021-12-20 15:53:40.973root 11241100x8000000000000000754499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8311375a2c9763202021-12-20 15:53:40.974root 11241100x8000000000000000754500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa964cb2fdba53a02021-12-20 15:53:40.974root 11241100x8000000000000000754501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e39cc155a241012021-12-20 15:53:40.974root 11241100x8000000000000000754502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cc4dcac2e09892021-12-20 15:53:40.974root 11241100x8000000000000000754503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f67cd25635f292021-12-20 15:53:40.974root 11241100x8000000000000000754504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9703077e6b7464ab2021-12-20 15:53:40.974root 11241100x8000000000000000754505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751514be6d0ef92d2021-12-20 15:53:40.974root 11241100x8000000000000000754506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11843def8d89dc72021-12-20 15:53:40.974root 11241100x8000000000000000754507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc17cd066aa4dc62021-12-20 15:53:40.975root 11241100x8000000000000000754508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea55d04ee8901aad2021-12-20 15:53:40.975root 11241100x8000000000000000754509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37da5a0a75bb73d32021-12-20 15:53:40.975root 11241100x8000000000000000754510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4307f8f069ebf2021-12-20 15:53:40.975root 11241100x8000000000000000754511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e099abca106fbfb82021-12-20 15:53:40.975root 11241100x8000000000000000754512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784f99f0946936c2021-12-20 15:53:40.975root 11241100x8000000000000000754513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f483a9279562ae62021-12-20 15:53:40.975root 11241100x8000000000000000754514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96244d3527f1779a2021-12-20 15:53:40.975root 11241100x8000000000000000754515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258abad36bc392e2021-12-20 15:53:40.975root 11241100x8000000000000000754516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.976{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daacfd8b34b6ef72021-12-20 15:53:40.976root 11241100x8000000000000000754517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b88a1d3aefaea2021-12-20 15:53:41.424root 11241100x8000000000000000754518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7226489ca96b9b62021-12-20 15:53:41.424root 11241100x8000000000000000754519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c429ceee5d594d2021-12-20 15:53:41.424root 11241100x8000000000000000754520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb5fba906a2ec9c2021-12-20 15:53:41.424root 11241100x8000000000000000754521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faf85d6d3891ead2021-12-20 15:53:41.424root 11241100x8000000000000000754522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a900cd77190212021-12-20 15:53:41.425root 11241100x8000000000000000754523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93abfccffe0990962021-12-20 15:53:41.425root 11241100x8000000000000000754524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93789496a2b17872021-12-20 15:53:41.425root 11241100x8000000000000000754525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1cb1c4a4483472021-12-20 15:53:41.425root 11241100x8000000000000000754526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5231c3b097ad0162021-12-20 15:53:41.425root 11241100x8000000000000000754527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a6838d89d2d81a2021-12-20 15:53:41.426root 11241100x8000000000000000754528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400720396bb1af42021-12-20 15:53:41.426root 11241100x8000000000000000754529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe2a62f286f716a2021-12-20 15:53:41.426root 11241100x8000000000000000754530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c2d99113862492021-12-20 15:53:41.426root 11241100x8000000000000000754531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54866dbd0ff59c82021-12-20 15:53:41.426root 11241100x8000000000000000754532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa156bbd860248e52021-12-20 15:53:41.426root 11241100x8000000000000000754533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3192b30bdfc4052021-12-20 15:53:41.426root 11241100x8000000000000000754534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02f0607a2aa80c2021-12-20 15:53:41.426root 11241100x8000000000000000754535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda5c9d49d6ad1002021-12-20 15:53:41.426root 11241100x8000000000000000754536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324ea298b0886ac2021-12-20 15:53:41.427root 11241100x8000000000000000754537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86edd33ccef552822021-12-20 15:53:41.427root 11241100x8000000000000000754538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eccb78d76cb5732021-12-20 15:53:41.427root 11241100x8000000000000000754539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83cd67cf9cfe512021-12-20 15:53:41.427root 11241100x8000000000000000754540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4480729001138962021-12-20 15:53:41.427root 11241100x8000000000000000754541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24281a6cd573c92021-12-20 15:53:41.427root 11241100x8000000000000000754542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cc1dabae82b63b2021-12-20 15:53:41.427root 11241100x8000000000000000754543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa56bbf5a4008be2021-12-20 15:53:41.427root 11241100x8000000000000000754544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0e3ae4aa0ece42021-12-20 15:53:41.428root 11241100x8000000000000000754545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbf37a9b7d8ae6a2021-12-20 15:53:41.428root 11241100x8000000000000000754546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc73d3ed68b54a632021-12-20 15:53:41.428root 11241100x8000000000000000754547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6cbecc8d9df312021-12-20 15:53:41.428root 11241100x8000000000000000754548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f781857dc45752021-12-20 15:53:41.428root 11241100x8000000000000000754549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e19f929612ab84a2021-12-20 15:53:41.428root 11241100x8000000000000000754550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faf035b96c6a2c42021-12-20 15:53:41.428root 11241100x8000000000000000754551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe6fdfe55300b072021-12-20 15:53:41.429root 11241100x8000000000000000754552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865562a2b17fb89e2021-12-20 15:53:41.429root 11241100x8000000000000000754553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90dd0ef46c062a2021-12-20 15:53:41.429root 11241100x8000000000000000754554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cd38fb17f8c10c2021-12-20 15:53:41.429root 11241100x8000000000000000754555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0998960051fa69122021-12-20 15:53:41.430root 11241100x8000000000000000754556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b549685f7576e92021-12-20 15:53:41.430root 11241100x8000000000000000754557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c960c56ad4515d02021-12-20 15:53:41.430root 11241100x8000000000000000754558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a9821988e629342021-12-20 15:53:41.430root 11241100x8000000000000000754559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58fde925a1a84962021-12-20 15:53:41.430root 11241100x8000000000000000754560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5202d6e3e6671fee2021-12-20 15:53:41.431root 11241100x8000000000000000754561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4088d03e828ac902021-12-20 15:53:41.431root 11241100x8000000000000000754562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88977ca37a189832021-12-20 15:53:41.431root 11241100x8000000000000000754563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e304a38e8cbe3c52021-12-20 15:53:41.431root 11241100x8000000000000000754564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e06695f7ad324e2021-12-20 15:53:41.431root 11241100x8000000000000000754565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d1a7ac87f2f23f2021-12-20 15:53:41.431root 11241100x8000000000000000754566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d9956ca10a2aef2021-12-20 15:53:41.432root 11241100x8000000000000000754567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4508ba4a5dbf38d32021-12-20 15:53:41.432root 11241100x8000000000000000754568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d681049c3ed3212021-12-20 15:53:41.432root 11241100x8000000000000000754569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85fc1296d2d47c2021-12-20 15:53:41.432root 11241100x8000000000000000754570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d95fb0d3c4768392021-12-20 15:53:41.432root 11241100x8000000000000000754571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ca5e543d7ee172021-12-20 15:53:41.432root 11241100x8000000000000000754572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbc6727a47a54b2021-12-20 15:53:41.432root 11241100x8000000000000000754573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9898180de2f7302021-12-20 15:53:41.432root 11241100x8000000000000000754574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0953bdf6bd83d52021-12-20 15:53:41.433root 11241100x8000000000000000754575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a192bcb9ae98f392021-12-20 15:53:41.433root 11241100x8000000000000000754576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51173662cd0394872021-12-20 15:53:41.433root 11241100x8000000000000000754577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c5f2654bc723c2021-12-20 15:53:41.433root 11241100x8000000000000000754578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf6d0f924d7a212021-12-20 15:53:41.433root 11241100x8000000000000000754579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6974366d721288122021-12-20 15:53:41.433root 11241100x8000000000000000754580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1686d882ff9ccbec2021-12-20 15:53:41.433root 11241100x8000000000000000754581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d8ff4bb6462a322021-12-20 15:53:41.434root 11241100x8000000000000000754582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507852602894e7852021-12-20 15:53:41.434root 11241100x8000000000000000754583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c8d24aa7e22b652021-12-20 15:53:41.434root 11241100x8000000000000000754584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c465adb3455132021-12-20 15:53:41.434root 11241100x8000000000000000754585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80155588ba2a2982021-12-20 15:53:41.434root 11241100x8000000000000000754586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ea112762063e402021-12-20 15:53:41.434root 11241100x8000000000000000754587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be17d3cbddd5aba2021-12-20 15:53:41.434root 11241100x8000000000000000754588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e3fb0025fc2732021-12-20 15:53:41.435root 11241100x8000000000000000754589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db51a376cad57602021-12-20 15:53:41.435root 11241100x8000000000000000754590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f734ddd0218fee2021-12-20 15:53:41.435root 11241100x8000000000000000754591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d126a71c46aae72021-12-20 15:53:41.435root 11241100x8000000000000000754592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77970b91b66727072021-12-20 15:53:41.435root 11241100x8000000000000000754593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129defc7c2b5f78d2021-12-20 15:53:41.435root 11241100x8000000000000000754594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741ddfb9c3cad912021-12-20 15:53:41.435root 11241100x8000000000000000754595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdb04b35ff509c2021-12-20 15:53:41.435root 11241100x8000000000000000754596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60dc5cd2bfaaec2021-12-20 15:53:41.435root 11241100x8000000000000000754597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ec37f58b26a9c2021-12-20 15:53:41.436root 11241100x8000000000000000754598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a010894c34a8c92021-12-20 15:53:41.436root 11241100x8000000000000000754599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cf8c4edc91ce552021-12-20 15:53:41.436root 11241100x8000000000000000754600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52de78e1a94d062021-12-20 15:53:41.436root 11241100x8000000000000000754601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875332bf5e1679332021-12-20 15:53:41.436root 11241100x8000000000000000754602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4223842edbb6852021-12-20 15:53:41.436root 11241100x8000000000000000754603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1784060e953582021-12-20 15:53:41.436root 11241100x8000000000000000754604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047974c1ade373642021-12-20 15:53:41.436root 11241100x8000000000000000754605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03425efaf03ba6512021-12-20 15:53:41.436root 11241100x8000000000000000754606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f30466d4392323f2021-12-20 15:53:41.437root 11241100x8000000000000000754607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18745b10ab0ae2702021-12-20 15:53:41.437root 11241100x8000000000000000754608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35602e7b595597012021-12-20 15:53:41.437root 11241100x8000000000000000754609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32cbf68439944b2021-12-20 15:53:41.437root 11241100x8000000000000000754610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5782226b849ecd2021-12-20 15:53:41.437root 11241100x8000000000000000754611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f1a1d0496125722021-12-20 15:53:41.437root 11241100x8000000000000000754612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85b4264be1779de2021-12-20 15:53:41.437root 11241100x8000000000000000754613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a62a6ffc0fa4d2021-12-20 15:53:41.924root 11241100x8000000000000000754614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea50fb1f03528ca2021-12-20 15:53:41.924root 11241100x8000000000000000754615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dfe0f6c51f4c452021-12-20 15:53:41.924root 11241100x8000000000000000754616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92287983abf13ec2021-12-20 15:53:41.924root 11241100x8000000000000000754617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d16a8d91562e942021-12-20 15:53:41.925root 11241100x8000000000000000754618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eefffc6da3ef37d2021-12-20 15:53:41.925root 11241100x8000000000000000754619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa530972d79d73d2021-12-20 15:53:41.925root 11241100x8000000000000000754620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b6d0e5d470a6c42021-12-20 15:53:41.925root 11241100x8000000000000000754621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95fc22aad9726922021-12-20 15:53:41.925root 11241100x8000000000000000754622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f38da5a03fd10b2021-12-20 15:53:41.925root 11241100x8000000000000000754623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe672e8eb558ee2021-12-20 15:53:41.926root 11241100x8000000000000000754624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14828f8b1dc43592021-12-20 15:53:41.926root 11241100x8000000000000000754625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7651e2d7badf9a122021-12-20 15:53:41.926root 11241100x8000000000000000754626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311e6877c6bd5d412021-12-20 15:53:41.926root 11241100x8000000000000000754627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c1da266cde6e12021-12-20 15:53:41.926root 11241100x8000000000000000754628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902ffbdab7441c82021-12-20 15:53:41.926root 11241100x8000000000000000754629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb55f8beed730412021-12-20 15:53:41.926root 11241100x8000000000000000754630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307c8d19446b36c2021-12-20 15:53:41.926root 11241100x8000000000000000754631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e64f7d6ba50aaad2021-12-20 15:53:41.927root 11241100x8000000000000000754632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f45e9ba98144d42021-12-20 15:53:41.927root 11241100x8000000000000000754633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4bb582f51374b42021-12-20 15:53:41.927root 11241100x8000000000000000754634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada09f0ed9f30bea2021-12-20 15:53:41.927root 11241100x8000000000000000754635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1508444cbf59781c2021-12-20 15:53:41.927root 11241100x8000000000000000754636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf99146df960d7d2021-12-20 15:53:41.927root 11241100x8000000000000000754637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83f217f561341a22021-12-20 15:53:41.927root 11241100x8000000000000000754638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5dc45b634a25a2021-12-20 15:53:41.927root 11241100x8000000000000000754639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002b074565230502021-12-20 15:53:41.927root 11241100x8000000000000000754640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1bee40f0bd947c2021-12-20 15:53:41.927root 11241100x8000000000000000754641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9a86f562856a62021-12-20 15:53:41.927root 11241100x8000000000000000754642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7e8dc6377096a82021-12-20 15:53:41.928root 11241100x8000000000000000754643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1d256f9da032b2021-12-20 15:53:41.928root 11241100x8000000000000000754644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06378b10c1fb61202021-12-20 15:53:41.928root 11241100x8000000000000000754645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b462158c2f671392021-12-20 15:53:41.928root 11241100x8000000000000000754646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921c0b7192e7af82021-12-20 15:53:41.928root 11241100x8000000000000000754647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e4d9b074eda55f2021-12-20 15:53:41.928root 11241100x8000000000000000754648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375b998e0ae7c222021-12-20 15:53:41.928root 11241100x8000000000000000754649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd4a9da2e1efe6b2021-12-20 15:53:41.928root 11241100x8000000000000000754650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bc2e808be10bea2021-12-20 15:53:41.928root 11241100x8000000000000000754651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213d834fc3af8af42021-12-20 15:53:41.928root 11241100x8000000000000000754652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09eb42455b2fadd2021-12-20 15:53:41.928root 11241100x8000000000000000754653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1477f60c425fbc2021-12-20 15:53:41.929root 11241100x8000000000000000754654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3cabf52a0b14262021-12-20 15:53:41.929root 11241100x8000000000000000754655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aff3b49d45e4902021-12-20 15:53:41.929root 11241100x8000000000000000754656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe3d839fa96cbb2021-12-20 15:53:41.929root 11241100x8000000000000000754657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dfa84f793e57352021-12-20 15:53:41.929root 11241100x8000000000000000754658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52743f6d86ae3882021-12-20 15:53:41.929root 11241100x8000000000000000754659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdb338f93033cdd2021-12-20 15:53:41.929root 11241100x8000000000000000754660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c36981113c5d702021-12-20 15:53:41.929root 11241100x8000000000000000754661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a509b41e6680e1c2021-12-20 15:53:41.929root 11241100x8000000000000000754662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87247230a4c251ce2021-12-20 15:53:41.929root 11241100x8000000000000000754663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fff9d2f643e78202021-12-20 15:53:41.930root 11241100x8000000000000000754664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237c404c7cb99272021-12-20 15:53:41.930root 11241100x8000000000000000754665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a0ad0d5772b502021-12-20 15:53:41.930root 11241100x8000000000000000754666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce14378d510997b2021-12-20 15:53:41.931root 11241100x8000000000000000754667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8cdf3dc74582232021-12-20 15:53:41.931root 11241100x8000000000000000754668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd67667a0e5456522021-12-20 15:53:41.931root 11241100x8000000000000000754669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eb17fe8f93f74f2021-12-20 15:53:41.931root 11241100x8000000000000000754670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3bff8660a50082021-12-20 15:53:41.931root 11241100x8000000000000000754671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2909451f5dcc34ac2021-12-20 15:53:41.932root 11241100x8000000000000000754672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43283f81b66033dc2021-12-20 15:53:41.932root 11241100x8000000000000000754673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e340517d9551f22021-12-20 15:53:42.424root 11241100x8000000000000000754674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac1b2efac1c55c2021-12-20 15:53:42.424root 11241100x8000000000000000754675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed579612073a653b2021-12-20 15:53:42.425root 11241100x8000000000000000754676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e04d1c20665e9f2021-12-20 15:53:42.425root 11241100x8000000000000000754677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb250e1a8e99a12021-12-20 15:53:42.425root 11241100x8000000000000000754678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8dd693c378eff42021-12-20 15:53:42.425root 11241100x8000000000000000754679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71c26af22e8e902021-12-20 15:53:42.425root 11241100x8000000000000000754680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13cf03b98147e172021-12-20 15:53:42.425root 11241100x8000000000000000754681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef80f3940779dceb2021-12-20 15:53:42.425root 11241100x8000000000000000754682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0083ead04d92fc382021-12-20 15:53:42.425root 11241100x8000000000000000754683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cee728041b8f35b2021-12-20 15:53:42.425root 11241100x8000000000000000754684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d89a40a4638c7e2021-12-20 15:53:42.426root 11241100x8000000000000000754685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a599a9b1cb7322021-12-20 15:53:42.426root 11241100x8000000000000000754686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b43d38dcca8fe2021-12-20 15:53:42.426root 11241100x8000000000000000754687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d0f48c3b20b942021-12-20 15:53:42.426root 11241100x8000000000000000754688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828294f19819ca512021-12-20 15:53:42.426root 11241100x8000000000000000754689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e172959a8c728f2021-12-20 15:53:42.426root 11241100x8000000000000000754690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a65842874f92f72021-12-20 15:53:42.427root 11241100x8000000000000000754691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6918996e9c459c9e2021-12-20 15:53:42.427root 11241100x8000000000000000754692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d73d47ce50a3c2021-12-20 15:53:42.427root 11241100x8000000000000000754693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70e6a2e921dc412021-12-20 15:53:42.427root 11241100x8000000000000000754694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a79544a130bf412021-12-20 15:53:42.427root 11241100x8000000000000000754695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c34fc687895f3572021-12-20 15:53:42.427root 11241100x8000000000000000754696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ff32a8a40c9f372021-12-20 15:53:42.427root 11241100x8000000000000000754697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d0ca2054bb24372021-12-20 15:53:42.428root 11241100x8000000000000000754698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d935043e599112021-12-20 15:53:42.428root 11241100x8000000000000000754699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e0784a0b34fe072021-12-20 15:53:42.428root 11241100x8000000000000000754700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55e22a9d20dca252021-12-20 15:53:42.428root 11241100x8000000000000000754701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab3188433393e32021-12-20 15:53:42.428root 11241100x8000000000000000754702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f964eeae98343de12021-12-20 15:53:42.428root 11241100x8000000000000000754703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2aad94d2d2c7aa2021-12-20 15:53:42.428root 11241100x8000000000000000754704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97663447d80d7f2021-12-20 15:53:42.428root 11241100x8000000000000000754705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017c5a443a342382021-12-20 15:53:42.428root 11241100x8000000000000000754706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9d661e36c2dd992021-12-20 15:53:42.428root 11241100x8000000000000000754707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cad03da3ad58ce2021-12-20 15:53:42.428root 11241100x8000000000000000754708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c944e6e1bbf055e62021-12-20 15:53:42.428root 11241100x8000000000000000754709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32663fb7c4fb80ba2021-12-20 15:53:42.428root 11241100x8000000000000000754710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36a2918eedab682021-12-20 15:53:42.428root 11241100x8000000000000000754711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5158b248ef131192021-12-20 15:53:42.428root 11241100x8000000000000000754712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd291d2a7b523512021-12-20 15:53:42.429root 11241100x8000000000000000754713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a90334109d3b96c2021-12-20 15:53:42.429root 11241100x8000000000000000754714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1648686f51e1718e2021-12-20 15:53:42.429root 11241100x8000000000000000754715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7929883616a7f24b2021-12-20 15:53:42.431root 11241100x8000000000000000754716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05e6d73f3199fe32021-12-20 15:53:42.432root 11241100x8000000000000000754717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e9f2aa771f0a02021-12-20 15:53:42.432root 11241100x8000000000000000754718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c56d0e7abe29efc2021-12-20 15:53:42.433root 11241100x8000000000000000754719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4aa5f41fb91baa2021-12-20 15:53:42.433root 11241100x8000000000000000754720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e0adbfa661bae52021-12-20 15:53:42.434root 11241100x8000000000000000754721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a956fee3305b4b32021-12-20 15:53:42.434root 11241100x8000000000000000754722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8226c0e52484a2932021-12-20 15:53:42.434root 11241100x8000000000000000754723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b41df28de08cfb72021-12-20 15:53:42.434root 11241100x8000000000000000754724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5682436ce0139822021-12-20 15:53:42.434root 11241100x8000000000000000754725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3db2ad716bb82b2021-12-20 15:53:42.434root 11241100x8000000000000000754726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec94e0389e809fb2021-12-20 15:53:42.434root 11241100x8000000000000000754727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce54e0e9f2e5fb12021-12-20 15:53:42.435root 11241100x8000000000000000754728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992cf2ecd3beb042021-12-20 15:53:42.436root 11241100x8000000000000000754729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2483ac7a2ab83f452021-12-20 15:53:42.436root 11241100x8000000000000000754730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882a6532be8c25b2021-12-20 15:53:42.436root 11241100x8000000000000000754731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261d5f3e4f3a6412021-12-20 15:53:42.436root 11241100x8000000000000000754732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d074e75aa413e3fa2021-12-20 15:53:42.436root 11241100x8000000000000000754733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cac3e7819b8bcf2021-12-20 15:53:42.437root 11241100x8000000000000000754734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62813ec5dc41bac62021-12-20 15:53:42.437root 11241100x8000000000000000754735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521df2ee5a129e602021-12-20 15:53:42.437root 11241100x8000000000000000754736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a138cc1aaf80662021-12-20 15:53:42.437root 11241100x8000000000000000754737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ca1e0bd42ddcb2021-12-20 15:53:42.438root 11241100x8000000000000000754738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ffed5d75d496852021-12-20 15:53:42.438root 11241100x8000000000000000754739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3469bfd04742aa92021-12-20 15:53:42.438root 11241100x8000000000000000754740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08178415bb49b0dc2021-12-20 15:53:42.438root 11241100x8000000000000000754741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573c3a7952fe6452021-12-20 15:53:42.438root 11241100x8000000000000000754742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5301d890c0523e6f2021-12-20 15:53:42.438root 11241100x8000000000000000754743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8427e6bbd715b8d02021-12-20 15:53:42.438root 11241100x8000000000000000754744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0784e38f66b34322021-12-20 15:53:42.438root 11241100x8000000000000000754745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6acec20fbe834ed2021-12-20 15:53:42.438root 11241100x8000000000000000754746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7272a16ee5c427bb2021-12-20 15:53:42.439root 11241100x8000000000000000754747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376b2c8d075e5892021-12-20 15:53:42.924root 11241100x8000000000000000754748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e702d1d637c12042021-12-20 15:53:42.924root 11241100x8000000000000000754749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0ee3fd304c5ae2021-12-20 15:53:42.924root 11241100x8000000000000000754750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cfc9ce7164c9fa2021-12-20 15:53:42.924root 11241100x8000000000000000754751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d01ecad59b22162021-12-20 15:53:42.925root 11241100x8000000000000000754752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17adc232d45a60d32021-12-20 15:53:42.925root 11241100x8000000000000000754753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a4d5efd61c08132021-12-20 15:53:42.925root 11241100x8000000000000000754754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66be33fa6f1cc9122021-12-20 15:53:42.925root 11241100x8000000000000000754755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab754882cc3283022021-12-20 15:53:42.925root 11241100x8000000000000000754756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d073ec1ae9a9c2021-12-20 15:53:42.925root 11241100x8000000000000000754757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db852f4c9c9b291a2021-12-20 15:53:42.925root 11241100x8000000000000000754758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce429873b0046ee2021-12-20 15:53:42.925root 11241100x8000000000000000754759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c7da319bd99b642021-12-20 15:53:42.925root 11241100x8000000000000000754760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0d638ae66c0b812021-12-20 15:53:42.925root 11241100x8000000000000000754761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf0d0107ddafd212021-12-20 15:53:42.925root 11241100x8000000000000000754762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0543945fc826e392021-12-20 15:53:42.926root 11241100x8000000000000000754763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2766edecbb3ff52021-12-20 15:53:42.926root 11241100x8000000000000000754764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30fa645bb7a158a2021-12-20 15:53:42.926root 11241100x8000000000000000754765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c28789c2f35b5ea2021-12-20 15:53:42.926root 11241100x8000000000000000754766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e9c408b768b0d2021-12-20 15:53:42.926root 11241100x8000000000000000754767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1547e283e4ba8a552021-12-20 15:53:42.926root 11241100x8000000000000000754768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2793a6463f01b3082021-12-20 15:53:42.926root 11241100x8000000000000000754769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b04b857e2558852021-12-20 15:53:42.926root 11241100x8000000000000000754770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882808afd67092492021-12-20 15:53:42.926root 11241100x8000000000000000754771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343985d5c84156e32021-12-20 15:53:42.927root 11241100x8000000000000000754772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a65075cfa481452021-12-20 15:53:42.927root 11241100x8000000000000000754773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1eaa6d07cc03ca2021-12-20 15:53:42.927root 11241100x8000000000000000754774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993db267822d7e42021-12-20 15:53:42.927root 11241100x8000000000000000754775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965eefd2a345b9e2021-12-20 15:53:42.927root 11241100x8000000000000000754776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea594510aa81d42c2021-12-20 15:53:42.927root 11241100x8000000000000000754777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75cb16708845be2021-12-20 15:53:42.928root 11241100x8000000000000000754778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2e3c920133832f2021-12-20 15:53:42.928root 11241100x8000000000000000754779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a6c1976dae15412021-12-20 15:53:42.928root 11241100x8000000000000000754780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5c7989728e23572021-12-20 15:53:42.928root 11241100x8000000000000000754781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daefcbc8b4e9b302021-12-20 15:53:42.928root 11241100x8000000000000000754782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60b6c0de99c6612021-12-20 15:53:42.928root 11241100x8000000000000000754783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083eba729e6e38382021-12-20 15:53:42.928root 11241100x8000000000000000754784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd611acc1e67b652021-12-20 15:53:42.929root 11241100x8000000000000000754785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af38e0a1d2851c2021-12-20 15:53:42.929root 11241100x8000000000000000754786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca3eff99f49a3c2021-12-20 15:53:42.929root 11241100x8000000000000000754787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf20aecd5f4d0c202021-12-20 15:53:42.929root 11241100x8000000000000000754788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b071d4e784863f2021-12-20 15:53:42.929root 11241100x8000000000000000754789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd9598aa3725baa2021-12-20 15:53:42.929root 11241100x8000000000000000754790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4858a75b68f2f82021-12-20 15:53:42.930root 11241100x8000000000000000754791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77c6b60cc2258692021-12-20 15:53:42.930root 11241100x8000000000000000754792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24ea49556a79fee2021-12-20 15:53:42.932root 11241100x8000000000000000754793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a864b8f4745c38922021-12-20 15:53:42.933root 11241100x8000000000000000754794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589871a062066592021-12-20 15:53:42.933root 11241100x8000000000000000754795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c17d54f398e085f2021-12-20 15:53:42.933root 11241100x8000000000000000754796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ae686ea8e597b52021-12-20 15:53:42.933root 11241100x8000000000000000754797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288f08a68315c74b2021-12-20 15:53:42.933root 11241100x8000000000000000754798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19038c9229ef5fb2021-12-20 15:53:42.933root 11241100x8000000000000000754799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b3aa246b99e7c2021-12-20 15:53:42.934root 11241100x8000000000000000754800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12484f5ed0416f92021-12-20 15:53:42.934root 11241100x8000000000000000754801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d67371377d2d6a2021-12-20 15:53:42.934root 11241100x8000000000000000754802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9415cf232050532021-12-20 15:53:42.934root 11241100x8000000000000000754803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72264c3f21889b622021-12-20 15:53:42.934root 11241100x8000000000000000754804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6ca4ef76fd0f712021-12-20 15:53:42.934root 11241100x8000000000000000754805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3134f55ce10dc102021-12-20 15:53:42.934root 11241100x8000000000000000754806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ae90f8639be3b2021-12-20 15:53:42.934root 11241100x8000000000000000754807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b350b9d7513502021-12-20 15:53:42.934root 11241100x8000000000000000754808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d5890d1a8a744f2021-12-20 15:53:42.934root 11241100x8000000000000000754809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f7f03b0368ffc02021-12-20 15:53:42.935root 11241100x8000000000000000754810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a23370f1dd56732021-12-20 15:53:42.935root 11241100x8000000000000000754811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282d790af2dc59a2021-12-20 15:53:42.935root 11241100x8000000000000000754812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4468c2f24205b692021-12-20 15:53:42.935root 11241100x8000000000000000754813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b241963da9ecde02021-12-20 15:53:42.935root 11241100x8000000000000000754814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2df6fde46241662021-12-20 15:53:42.935root 11241100x8000000000000000754815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0163ca84a6386cc2021-12-20 15:53:42.935root 11241100x8000000000000000754816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5eceddec9a993f2021-12-20 15:53:42.935root 11241100x8000000000000000754817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4b483c0da0a8bd2021-12-20 15:53:42.935root 11241100x8000000000000000754818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed212cb17f753eb2021-12-20 15:53:42.935root 11241100x8000000000000000754819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3d488c71c7cc2a2021-12-20 15:53:42.936root 11241100x8000000000000000754820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc55c110ba3c342021-12-20 15:53:42.936root 11241100x8000000000000000754821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8f73b30b52b0e72021-12-20 15:53:42.936root 11241100x8000000000000000754822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56da10a53980acd82021-12-20 15:53:42.936root 11241100x8000000000000000754823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242dc8b802c84fd92021-12-20 15:53:42.936root 11241100x8000000000000000754824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf010eedf6dc1012021-12-20 15:53:42.936root 11241100x8000000000000000754825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682d5fd0975305d2021-12-20 15:53:42.936root 11241100x8000000000000000754826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ca96d8a01128202021-12-20 15:53:42.936root 11241100x8000000000000000754827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed44c141871434f2021-12-20 15:53:42.936root 11241100x8000000000000000754828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039d78aea15c6e02021-12-20 15:53:42.936root 11241100x8000000000000000754829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634dda2f21a79652021-12-20 15:53:42.936root 11241100x8000000000000000754830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc3ca02f71a0182021-12-20 15:53:42.936root 11241100x8000000000000000754831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d77dfe85670362021-12-20 15:53:42.936root 11241100x8000000000000000754832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e18d252e32f69812021-12-20 15:53:42.937root 11241100x8000000000000000754833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58dc3733e3888102021-12-20 15:53:42.937root 11241100x8000000000000000754834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1634cad732825a2021-12-20 15:53:42.937root 11241100x8000000000000000754835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36683cb43cb8b742021-12-20 15:53:42.937root 11241100x8000000000000000754836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c97d04f5704bda2021-12-20 15:53:42.937root 11241100x8000000000000000754837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05911247cf4309912021-12-20 15:53:42.937root 11241100x8000000000000000754838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e9fe7138214092021-12-20 15:53:42.937root 11241100x8000000000000000754839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f683742c109952021-12-20 15:53:42.937root 11241100x8000000000000000754840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b2f2787b7b5d0b2021-12-20 15:53:42.937root 11241100x8000000000000000754841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2943b62773fc38892021-12-20 15:53:42.938root 11241100x8000000000000000754842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ead91207d13dea2021-12-20 15:53:42.938root 11241100x8000000000000000754843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb75976ff5a47692021-12-20 15:53:42.938root 11241100x8000000000000000754844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea0e0130bb7f43f2021-12-20 15:53:42.938root 11241100x8000000000000000754845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46bee6e58b2a83e2021-12-20 15:53:42.938root 11241100x8000000000000000754846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fcb2773dfd8d242021-12-20 15:53:42.938root 11241100x8000000000000000754847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2445e2c1bf524d422021-12-20 15:53:42.938root 11241100x8000000000000000754848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2b5878667516ab2021-12-20 15:53:42.938root 11241100x8000000000000000754849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d550abb9a2291f62021-12-20 15:53:42.938root 11241100x8000000000000000754850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93a8f13125faf1f2021-12-20 15:53:42.938root 11241100x8000000000000000754851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5802657f194720a2021-12-20 15:53:42.940root 11241100x8000000000000000754852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5ff6da7e4679682021-12-20 15:53:42.940root 11241100x8000000000000000754853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ef87cd960e16f32021-12-20 15:53:42.940root 11241100x8000000000000000754854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903138c543b7c8102021-12-20 15:53:42.940root 11241100x8000000000000000754855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db3e03824452b662021-12-20 15:53:42.940root 11241100x8000000000000000754856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bae34b540f7a612021-12-20 15:53:42.941root 11241100x8000000000000000754857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e62f610260045e62021-12-20 15:53:42.941root 11241100x8000000000000000754858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6aabb4ef872ebe2021-12-20 15:53:42.941root 11241100x8000000000000000754859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b18aea3314e00d2021-12-20 15:53:42.941root 11241100x8000000000000000754860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388da6db569aeaa2021-12-20 15:53:42.941root 11241100x8000000000000000754861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d9c7cd9c221c12021-12-20 15:53:42.941root 11241100x8000000000000000754862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4221b7faf0799b2021-12-20 15:53:42.941root 11241100x8000000000000000754863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3d5a3a64be9d752021-12-20 15:53:42.941root 11241100x8000000000000000754864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284b48b30190306e2021-12-20 15:53:42.941root 11241100x8000000000000000754865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c6b0f607a4be42021-12-20 15:53:42.941root 11241100x8000000000000000754866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5a73b7d23b3d02021-12-20 15:53:42.942root 11241100x8000000000000000754867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55137973de3e0e7d2021-12-20 15:53:42.942root 11241100x8000000000000000754868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3c897d508fea0a2021-12-20 15:53:42.942root 11241100x8000000000000000754869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db387521ef8f072021-12-20 15:53:42.942root 11241100x8000000000000000754870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233462432e5427d72021-12-20 15:53:42.942root 11241100x8000000000000000754871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557128f081219632021-12-20 15:53:42.942root 11241100x8000000000000000754872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b65cb296ed73b622021-12-20 15:53:42.942root 11241100x8000000000000000754873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d8934dc13562602021-12-20 15:53:42.942root 11241100x8000000000000000754874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9ef8381b5ea6b2021-12-20 15:53:42.942root 11241100x8000000000000000754875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eaca58665a5ed42021-12-20 15:53:42.942root 11241100x8000000000000000754876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117316b139babfa2021-12-20 15:53:42.942root 11241100x8000000000000000754877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9cc20634ffdf92021-12-20 15:53:42.943root 11241100x8000000000000000754878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9b572d012fa8272021-12-20 15:53:42.943root 11241100x8000000000000000754879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3832981260262d2021-12-20 15:53:42.943root 11241100x8000000000000000754880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e98d2a5cf37ac2021-12-20 15:53:42.943root 11241100x8000000000000000754881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667d8239cbf3eb42021-12-20 15:53:42.943root 11241100x8000000000000000754882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35422e323790d4ec2021-12-20 15:53:42.943root 11241100x8000000000000000754883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082c86c0caba8aa62021-12-20 15:53:42.943root 11241100x8000000000000000754884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e81820bfce84622021-12-20 15:53:42.943root 11241100x8000000000000000754885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b86e183f4580c672021-12-20 15:53:42.943root 11241100x8000000000000000754886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d96a113dc3c9122021-12-20 15:53:42.943root 11241100x8000000000000000754887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6ad52267871472021-12-20 15:53:42.943root 11241100x8000000000000000754888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36084d1fac019b7f2021-12-20 15:53:42.944root 11241100x8000000000000000754889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580b3f3145bd8782021-12-20 15:53:42.944root 11241100x8000000000000000754890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6ec7db3347c782021-12-20 15:53:42.944root 11241100x8000000000000000754891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe4257778079d6c2021-12-20 15:53:42.944root 11241100x8000000000000000754892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded03943e5649c8a2021-12-20 15:53:42.944root 11241100x8000000000000000754893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e78dffa97bf2a2021-12-20 15:53:42.944root 11241100x8000000000000000754894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e202ee0000ac372021-12-20 15:53:42.944root 11241100x8000000000000000754895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06793fa38de709422021-12-20 15:53:42.946root 11241100x8000000000000000754896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef42408e77c9532021-12-20 15:53:42.946root 11241100x8000000000000000754897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7f22f5bdd422b2021-12-20 15:53:42.946root 11241100x8000000000000000754898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562b9906a40a099c2021-12-20 15:53:42.947root 11241100x8000000000000000754899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9685e91f85f773d42021-12-20 15:53:42.947root 11241100x8000000000000000754900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568c8a76353511e2021-12-20 15:53:42.947root 11241100x8000000000000000754901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d9c270a9abcd182021-12-20 15:53:42.947root 11241100x8000000000000000754902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e6f01a3f2e6262021-12-20 15:53:42.947root 11241100x8000000000000000754903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e2c1c95e9ad2c92021-12-20 15:53:42.947root 11241100x8000000000000000754904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffee7d823fae4bdd2021-12-20 15:53:42.947root 11241100x8000000000000000754905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d08c78e44ffad8a2021-12-20 15:53:42.947root 11241100x8000000000000000754906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee94e1773bc4ee42021-12-20 15:53:42.947root 11241100x8000000000000000754907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965b65dac8993ab72021-12-20 15:53:42.947root 11241100x8000000000000000754908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29942a8183e016e82021-12-20 15:53:42.948root 11241100x8000000000000000754909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8424bd24e4d06382021-12-20 15:53:42.948root 11241100x8000000000000000754910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fc88b3456017a82021-12-20 15:53:42.948root 11241100x8000000000000000754911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e45e450797b3192021-12-20 15:53:42.948root 11241100x8000000000000000754912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b18d192735ea472021-12-20 15:53:42.948root 11241100x8000000000000000754913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2852da1fef864842021-12-20 15:53:42.948root 11241100x8000000000000000754914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2855a2efc78ac72021-12-20 15:53:42.948root 11241100x8000000000000000754915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f03a1de6944bb52021-12-20 15:53:42.948root 11241100x8000000000000000754916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016bb149441e77da2021-12-20 15:53:42.949root 11241100x8000000000000000754917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ba37a01b14edb22021-12-20 15:53:42.949root 11241100x8000000000000000754918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d184d6fdb35d7b12021-12-20 15:53:42.949root 11241100x8000000000000000754919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84193394e62ef12021-12-20 15:53:42.949root 11241100x8000000000000000754920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ce956fcf0eb2172021-12-20 15:53:42.949root 11241100x8000000000000000754921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3000ffa91f8e3f2021-12-20 15:53:42.949root 11241100x8000000000000000754922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a1f968ade03be2021-12-20 15:53:42.949root 11241100x8000000000000000754923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc815dbffd630cc2021-12-20 15:53:42.950root 11241100x8000000000000000754924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b1141072280bc2021-12-20 15:53:42.950root 11241100x8000000000000000754925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aab797b1c1b35022021-12-20 15:53:42.950root 11241100x8000000000000000754926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9f62cbb42fee982021-12-20 15:53:42.950root 11241100x8000000000000000754927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a0d841fbda5cd82021-12-20 15:53:42.950root 11241100x8000000000000000754928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f8e7f41d2c98a2021-12-20 15:53:42.950root 11241100x8000000000000000754929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ed2b67023557b2021-12-20 15:53:42.950root 11241100x8000000000000000754930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290ba75cf2f13b7d2021-12-20 15:53:42.950root 11241100x8000000000000000754931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ca03712352a7b92021-12-20 15:53:42.950root 11241100x8000000000000000754932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb2a8e1ea74279a2021-12-20 15:53:42.950root 11241100x8000000000000000754933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f432953ed2b4232021-12-20 15:53:42.951root 11241100x8000000000000000754934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00756f21ce20acfd2021-12-20 15:53:42.951root 11241100x8000000000000000754935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9151f98102bb9b82021-12-20 15:53:42.951root 11241100x8000000000000000754936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da596ad307282ab2021-12-20 15:53:42.951root 11241100x8000000000000000754937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1666c299578f52021-12-20 15:53:42.951root 11241100x8000000000000000754938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eab7ea52752cfc2021-12-20 15:53:42.951root 11241100x8000000000000000754939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98ef2e20bd94f8b2021-12-20 15:53:42.951root 11241100x8000000000000000754940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4fbc19106149d92021-12-20 15:53:42.951root 11241100x8000000000000000754941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72657af5235dccc82021-12-20 15:53:42.951root 11241100x8000000000000000754942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5246779e272642021-12-20 15:53:42.951root 11241100x8000000000000000754943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25e076b0c290fb2021-12-20 15:53:42.952root 11241100x8000000000000000754944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d48182729038a052021-12-20 15:53:42.952root 11241100x8000000000000000754945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c38498b0ce3ab02021-12-20 15:53:42.952root 11241100x8000000000000000754946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c84787924896f3d2021-12-20 15:53:42.952root 11241100x8000000000000000754947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e216959b7d32f2021-12-20 15:53:42.952root 11241100x8000000000000000754948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4f0082ceb552d2021-12-20 15:53:42.952root 11241100x8000000000000000754949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef71cfe0b020d52021-12-20 15:53:42.952root 11241100x8000000000000000754950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2f435758f8cc4c2021-12-20 15:53:42.952root 11241100x8000000000000000754951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932ba5f2150b0bb2021-12-20 15:53:42.952root 11241100x8000000000000000754952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94578ad1583bd3252021-12-20 15:53:42.952root 11241100x8000000000000000754953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e724ee75d796f79d2021-12-20 15:53:42.953root 11241100x8000000000000000754954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc795b3c55032b532021-12-20 15:53:42.953root 11241100x8000000000000000754955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6ed401ef704f52021-12-20 15:53:42.953root 11241100x8000000000000000754956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dae2c8fba214182021-12-20 15:53:42.953root 11241100x8000000000000000754957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2dcdea886c4f4e2021-12-20 15:53:42.953root 11241100x8000000000000000754958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0edea01a88a1882021-12-20 15:53:42.953root 11241100x8000000000000000754959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f35792722e0b502021-12-20 15:53:42.953root 11241100x8000000000000000754960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8717cf47d5f76132021-12-20 15:53:42.953root 11241100x8000000000000000754961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95da22d001449fc62021-12-20 15:53:42.954root 11241100x8000000000000000754962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655cdf7ce7c461302021-12-20 15:53:42.954root 11241100x8000000000000000754963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db069ed8bd0fdc32021-12-20 15:53:42.954root 11241100x8000000000000000754964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb784b63bff95a002021-12-20 15:53:42.954root 11241100x8000000000000000754965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eb21ed19b36c392021-12-20 15:53:42.954root 11241100x8000000000000000754966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f46175c66fec92021-12-20 15:53:43.424root 11241100x8000000000000000754967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d2e08ff6faa90f2021-12-20 15:53:43.424root 11241100x8000000000000000754968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cb1b1ec4cfb76e2021-12-20 15:53:43.424root 11241100x8000000000000000754969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c60ffd9e640bd2021-12-20 15:53:43.424root 11241100x8000000000000000754970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5728c675c472edad2021-12-20 15:53:43.425root 11241100x8000000000000000754971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539c5507cdeaf3b72021-12-20 15:53:43.425root 11241100x8000000000000000754972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134fb11c5223ed7f2021-12-20 15:53:43.425root 11241100x8000000000000000754973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a3c6fd23b90aa92021-12-20 15:53:43.425root 11241100x8000000000000000754974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2703e61452312d62021-12-20 15:53:43.425root 11241100x8000000000000000754975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9175154866fe7272021-12-20 15:53:43.425root 11241100x8000000000000000754976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4687a9547dad82021-12-20 15:53:43.425root 11241100x8000000000000000754977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01d52ca2f374d6a2021-12-20 15:53:43.425root 11241100x8000000000000000754978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c35534ab0468e392021-12-20 15:53:43.425root 11241100x8000000000000000754979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fcb75252a2c57a2021-12-20 15:53:43.425root 11241100x8000000000000000754980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbffc93b28aa42882021-12-20 15:53:43.426root 11241100x8000000000000000754981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded30d7d75fa71b42021-12-20 15:53:43.426root 11241100x8000000000000000754982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb89691e80281c632021-12-20 15:53:43.426root 11241100x8000000000000000754983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35423dc70f38e1a02021-12-20 15:53:43.426root 11241100x8000000000000000754984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf68527d0c55a62021-12-20 15:53:43.426root 11241100x8000000000000000754985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353765cbd8b7f63c2021-12-20 15:53:43.426root 11241100x8000000000000000754986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29980e545cef78522021-12-20 15:53:43.426root 11241100x8000000000000000754987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c0c6b0fbf27122021-12-20 15:53:43.426root 11241100x8000000000000000754988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0d717390aa9b662021-12-20 15:53:43.426root 11241100x8000000000000000754989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13409f686cf3b2222021-12-20 15:53:43.426root 11241100x8000000000000000754990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be784722a3c3b8a02021-12-20 15:53:43.426root 11241100x8000000000000000754991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ee142be5cb5b712021-12-20 15:53:43.427root 11241100x8000000000000000754992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc29e7fdb04dc2e2021-12-20 15:53:43.427root 11241100x8000000000000000754993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ffc7dc9d640312021-12-20 15:53:43.427root 11241100x8000000000000000754994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4bedbea4785fb42021-12-20 15:53:43.427root 11241100x8000000000000000754995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d329e43dea49cc602021-12-20 15:53:43.427root 11241100x8000000000000000754996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88b7529f64938b72021-12-20 15:53:43.427root 11241100x8000000000000000754997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366d81f4c990f702021-12-20 15:53:43.427root 11241100x8000000000000000754998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6b4f28752acef2021-12-20 15:53:43.427root 11241100x8000000000000000754999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017668c5c649e272021-12-20 15:53:43.427root 11241100x8000000000000000755000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86d87496626b1c52021-12-20 15:53:43.427root 11241100x8000000000000000755001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45184ac7d7d3002021-12-20 15:53:43.427root 11241100x8000000000000000755002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dfcf0d3a7cd1122021-12-20 15:53:43.427root 11241100x8000000000000000755003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f28448d1fa2f82021-12-20 15:53:43.428root 11241100x8000000000000000755004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a2bc3d7b9ebbc2021-12-20 15:53:43.428root 11241100x8000000000000000755005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e32d667b880c242021-12-20 15:53:43.428root 11241100x8000000000000000755006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbe652f84d7f96f2021-12-20 15:53:43.428root 11241100x8000000000000000755007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0b6b9faff796432021-12-20 15:53:43.428root 11241100x8000000000000000755008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f79163aad9ae4fc2021-12-20 15:53:43.428root 11241100x8000000000000000755009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881daec677155d262021-12-20 15:53:43.429root 11241100x8000000000000000755010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cf962d2499606f2021-12-20 15:53:43.429root 11241100x8000000000000000755011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061371a777e14e842021-12-20 15:53:43.429root 11241100x8000000000000000755012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6446877f62b2f5d02021-12-20 15:53:43.429root 11241100x8000000000000000755013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6450ad08ddded1652021-12-20 15:53:43.429root 11241100x8000000000000000755014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3d7756ab34c3e72021-12-20 15:53:43.429root 11241100x8000000000000000755015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1960c762d92654f42021-12-20 15:53:43.429root 11241100x8000000000000000755016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d6cc03346606452021-12-20 15:53:43.924root 11241100x8000000000000000755017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ee7cb4494fe5052021-12-20 15:53:43.924root 11241100x8000000000000000755018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9fe53667874d092021-12-20 15:53:43.924root 11241100x8000000000000000755019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9256f8e8dffc01112021-12-20 15:53:43.924root 11241100x8000000000000000755020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770e676dd913bec62021-12-20 15:53:43.925root 11241100x8000000000000000755021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dec230a9acf2122021-12-20 15:53:43.925root 11241100x8000000000000000755022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f74ec3d08971e52021-12-20 15:53:43.925root 11241100x8000000000000000755023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bba3f69721eb352021-12-20 15:53:43.925root 11241100x8000000000000000755024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e8c0b30ec3a522021-12-20 15:53:43.925root 11241100x8000000000000000755025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40887d432ddcf45e2021-12-20 15:53:43.925root 11241100x8000000000000000755026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e256f69a3a0ad2021-12-20 15:53:43.925root 11241100x8000000000000000755027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c87463b8bf43a22021-12-20 15:53:43.925root 11241100x8000000000000000755028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993076b12d092f02021-12-20 15:53:43.925root 11241100x8000000000000000755029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd91e9ddbe57e9d02021-12-20 15:53:43.925root 11241100x8000000000000000755030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e949669ddf9de3552021-12-20 15:53:43.925root 11241100x8000000000000000755031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc619bc3e51bc97b2021-12-20 15:53:43.925root 11241100x8000000000000000755032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e549b4c1fdaa7c7a2021-12-20 15:53:43.925root 11241100x8000000000000000755033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0adb6ba42f9be0b2021-12-20 15:53:43.925root 11241100x8000000000000000755034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc0dfa9e319a772021-12-20 15:53:43.925root 11241100x8000000000000000755035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae74a79932eb1f182021-12-20 15:53:43.925root 11241100x8000000000000000755036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820d5cbb15e65d862021-12-20 15:53:43.926root 11241100x8000000000000000755037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3199283f7dd4782021-12-20 15:53:43.926root 11241100x8000000000000000755038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d2c579e7b1294b2021-12-20 15:53:43.926root 11241100x8000000000000000755039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fc723fbd6d693e2021-12-20 15:53:43.926root 11241100x8000000000000000755040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4beb4b5c10ffd22021-12-20 15:53:43.926root 11241100x8000000000000000755041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a30e31968f222e2021-12-20 15:53:43.926root 11241100x8000000000000000755042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de81ccaca83bd72021-12-20 15:53:43.926root 11241100x8000000000000000755043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fac9d77d55e8542021-12-20 15:53:43.926root 11241100x8000000000000000755044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f06fb147884bf62021-12-20 15:53:43.926root 11241100x8000000000000000755045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf438763ba0270642021-12-20 15:53:43.926root 11241100x8000000000000000755046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c90c95b3ef1342021-12-20 15:53:43.926root 11241100x8000000000000000755047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3cc58dab997352021-12-20 15:53:43.926root 11241100x8000000000000000755048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a6a656cfc1c342021-12-20 15:53:43.926root 11241100x8000000000000000755049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e012d261790372021-12-20 15:53:43.926root 11241100x8000000000000000755050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf27b14946a8beff2021-12-20 15:53:43.926root 11241100x8000000000000000755051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f4dc09ad0a660a2021-12-20 15:53:43.926root 11241100x8000000000000000755052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26979896bf5323f32021-12-20 15:53:43.927root 11241100x8000000000000000755053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155b47cb30d78922021-12-20 15:53:43.927root 11241100x8000000000000000755054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d67a3db268875d2021-12-20 15:53:43.927root 11241100x8000000000000000755055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9feb519d0ea8f72021-12-20 15:53:43.927root 11241100x8000000000000000755056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3130beffc8e33dd2021-12-20 15:53:43.927root 11241100x8000000000000000755057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a8d1abebd6d772021-12-20 15:53:43.927root 11241100x8000000000000000755058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a79e6ffe227f642021-12-20 15:53:43.927root 11241100x8000000000000000755059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35511a38d10dd162021-12-20 15:53:43.927root 11241100x8000000000000000755060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82636eb562d3ff0b2021-12-20 15:53:43.927root 11241100x8000000000000000755061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa055519b3d434ff2021-12-20 15:53:43.927root 11241100x8000000000000000755062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8620245fd498db522021-12-20 15:53:43.927root 11241100x8000000000000000755063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b695ab6f7a25cc32021-12-20 15:53:43.928root 11241100x8000000000000000755064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28923ed2899cdfc2021-12-20 15:53:43.928root 11241100x8000000000000000755065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b103451e91eff3512021-12-20 15:53:43.928root 11241100x8000000000000000755066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79fd7df636ed0012021-12-20 15:53:43.928root 11241100x8000000000000000755067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8ce503ef31adf2021-12-20 15:53:43.928root 11241100x8000000000000000755068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114683053f0bb7982021-12-20 15:53:43.928root 11241100x8000000000000000755069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ef05ec071b5c32021-12-20 15:53:43.928root 11241100x8000000000000000755070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c6f4cde3ecda12021-12-20 15:53:43.928root 11241100x8000000000000000755071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98abab247e77b6a72021-12-20 15:53:43.929root 11241100x8000000000000000755072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea370a0075fc1da2021-12-20 15:53:44.424root 11241100x8000000000000000755073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6546b6728afe61b62021-12-20 15:53:44.424root 11241100x8000000000000000755074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f0018d337c18a2021-12-20 15:53:44.425root 11241100x8000000000000000755075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5b14c962f13d82021-12-20 15:53:44.425root 11241100x8000000000000000755076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff75f9a19a3f08a2021-12-20 15:53:44.425root 11241100x8000000000000000755077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524990ba6c460d8f2021-12-20 15:53:44.425root 11241100x8000000000000000755078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba364952e33e34f22021-12-20 15:53:44.425root 11241100x8000000000000000755079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8670af48b37be14c2021-12-20 15:53:44.425root 11241100x8000000000000000755080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa77f30285e527d2021-12-20 15:53:44.425root 11241100x8000000000000000755081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dff1c940dee497f2021-12-20 15:53:44.425root 11241100x8000000000000000755082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89930b344c0ee5d32021-12-20 15:53:44.425root 11241100x8000000000000000755083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd87e83917c33e612021-12-20 15:53:44.425root 11241100x8000000000000000755084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db290e51b9f499642021-12-20 15:53:44.425root 11241100x8000000000000000755085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2ff236dff02a0b2021-12-20 15:53:44.425root 11241100x8000000000000000755086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18267ec2982538092021-12-20 15:53:44.426root 11241100x8000000000000000755087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755860871da8579e2021-12-20 15:53:44.426root 11241100x8000000000000000755088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0334dc054bc0322021-12-20 15:53:44.426root 11241100x8000000000000000755089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00be5aca68f4b82021-12-20 15:53:44.426root 11241100x8000000000000000755090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7c17bb4f3385952021-12-20 15:53:44.426root 11241100x8000000000000000755091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f3b637a7de5512021-12-20 15:53:44.426root 11241100x8000000000000000755092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396e6f1b495daf662021-12-20 15:53:44.426root 11241100x8000000000000000755093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2990ae3a4ac8c82021-12-20 15:53:44.426root 11241100x8000000000000000755094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e25447848e3955d2021-12-20 15:53:44.426root 11241100x8000000000000000755095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e415bc540588c52021-12-20 15:53:44.426root 11241100x8000000000000000755096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf78db72a7a103d52021-12-20 15:53:44.426root 11241100x8000000000000000755097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e799c1fc0ed60e0c2021-12-20 15:53:44.427root 11241100x8000000000000000755098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48e02bbadcb6e3a2021-12-20 15:53:44.427root 11241100x8000000000000000755099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b9f773020b9792021-12-20 15:53:44.427root 11241100x8000000000000000755100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f3ec96f4199ac52021-12-20 15:53:44.427root 11241100x8000000000000000755101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9963803afabe1492021-12-20 15:53:44.427root 11241100x8000000000000000755102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4ebb9c05743012021-12-20 15:53:44.427root 11241100x8000000000000000755103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cff5595138c49bc2021-12-20 15:53:44.427root 11241100x8000000000000000755104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c1d46d5cfdbe832021-12-20 15:53:44.427root 11241100x8000000000000000755105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927a1f70d4c549d32021-12-20 15:53:44.427root 11241100x8000000000000000755106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5086c55f1143c2282021-12-20 15:53:44.428root 11241100x8000000000000000755107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e293489f5c3e852021-12-20 15:53:44.428root 11241100x8000000000000000755108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e3b89e5cc758b02021-12-20 15:53:44.428root 11241100x8000000000000000755109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78cdcf342cc5c82021-12-20 15:53:44.428root 11241100x8000000000000000755110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba93083d46e2f9c2021-12-20 15:53:44.428root 11241100x8000000000000000755111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f5974f3b8477732021-12-20 15:53:44.428root 11241100x8000000000000000755112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4c1089f2a79cc22021-12-20 15:53:44.428root 11241100x8000000000000000755113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee86fc936d6a02b2021-12-20 15:53:44.428root 11241100x8000000000000000755114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc63fde14365ebf42021-12-20 15:53:44.428root 11241100x8000000000000000755115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0828ff47e9eaf52021-12-20 15:53:44.428root 11241100x8000000000000000755116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205bc2732eaec4b22021-12-20 15:53:44.428root 11241100x8000000000000000755117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1047d0f9167e6eae2021-12-20 15:53:44.428root 11241100x8000000000000000755118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e610e15554348a4c2021-12-20 15:53:44.429root 11241100x8000000000000000755119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3efaaa0e05407d2021-12-20 15:53:44.429root 11241100x8000000000000000755120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ac9e8cf51cccc12021-12-20 15:53:44.429root 11241100x8000000000000000755121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7ef476ebfe7482021-12-20 15:53:44.429root 11241100x8000000000000000755122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95828a3a893682852021-12-20 15:53:44.429root 11241100x8000000000000000755123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c53101332cca262021-12-20 15:53:44.429root 11241100x8000000000000000755124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596372e5d0020f192021-12-20 15:53:44.429root 11241100x8000000000000000755125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e377318a04f612021-12-20 15:53:44.429root 11241100x8000000000000000755126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7d9d4f83d4f8982021-12-20 15:53:44.429root 11241100x8000000000000000755127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93f6c087799ff92021-12-20 15:53:44.429root 11241100x8000000000000000755128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b995e8baa91a67f72021-12-20 15:53:44.429root 11241100x8000000000000000755129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5826a38bb37ba08d2021-12-20 15:53:44.429root 11241100x8000000000000000755130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4090ae72e9b9c1342021-12-20 15:53:44.430root 11241100x8000000000000000755131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789a8b97783584112021-12-20 15:53:44.924root 11241100x8000000000000000755132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b08217a4ae97a22021-12-20 15:53:44.924root 11241100x8000000000000000755133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b98abac4779ff2021-12-20 15:53:44.924root 11241100x8000000000000000755134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22082216f09075c2021-12-20 15:53:44.924root 11241100x8000000000000000755135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade16acfc86f18842021-12-20 15:53:44.924root 11241100x8000000000000000755136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615a72082654c7d72021-12-20 15:53:44.924root 11241100x8000000000000000755137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32544a4ecc6bb7b2021-12-20 15:53:44.925root 11241100x8000000000000000755138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bfdb7e0c3828472021-12-20 15:53:44.925root 11241100x8000000000000000755139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4892e0ec7da56b332021-12-20 15:53:44.925root 11241100x8000000000000000755140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755c9f6ff90486082021-12-20 15:53:44.925root 11241100x8000000000000000755141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5e0fa8f1fcdae82021-12-20 15:53:44.925root 11241100x8000000000000000755142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a731a3ced6006f12021-12-20 15:53:44.925root 11241100x8000000000000000755143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f556184ff2cf0c2021-12-20 15:53:44.925root 11241100x8000000000000000755144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0105a16045ab3b2021-12-20 15:53:44.925root 11241100x8000000000000000755145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686b4af47f5c885a2021-12-20 15:53:44.925root 11241100x8000000000000000755146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f4a01474d872cd2021-12-20 15:53:44.926root 11241100x8000000000000000755147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0516648e3e4342021-12-20 15:53:44.926root 11241100x8000000000000000755148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb5a85140152e342021-12-20 15:53:44.926root 11241100x8000000000000000755149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3edabfd15be1482021-12-20 15:53:44.926root 11241100x8000000000000000755150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be9b1269c2ba4ec2021-12-20 15:53:44.926root 11241100x8000000000000000755151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c4736d184080f2021-12-20 15:53:44.926root 11241100x8000000000000000755152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8430b765eb85232021-12-20 15:53:44.926root 11241100x8000000000000000755153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a034e92d0cb7ae302021-12-20 15:53:44.927root 11241100x8000000000000000755154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493275956681d78e2021-12-20 15:53:44.927root 11241100x8000000000000000755155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833abb9994ed5d6e2021-12-20 15:53:44.927root 11241100x8000000000000000755156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f7be60e577ab72021-12-20 15:53:44.927root 11241100x8000000000000000755157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3fd426119f4972021-12-20 15:53:44.927root 11241100x8000000000000000755158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82e385abf8884772021-12-20 15:53:44.928root 11241100x8000000000000000755159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc308b836cead1b2021-12-20 15:53:44.928root 11241100x8000000000000000755160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b775fe7fbc5ace2021-12-20 15:53:44.928root 11241100x8000000000000000755161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89a5ff83ea3c5412021-12-20 15:53:44.928root 11241100x8000000000000000755162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef9f1e4d399d772021-12-20 15:53:44.931root 11241100x8000000000000000755163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99094031f10c9462021-12-20 15:53:44.932root 11241100x8000000000000000755164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98da24fc1eb38eb2021-12-20 15:53:44.932root 11241100x8000000000000000755165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714082460447bc72021-12-20 15:53:44.932root 11241100x8000000000000000755166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b653703ef1300ba22021-12-20 15:53:44.932root 11241100x8000000000000000755167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e0cdbcb1108b5e2021-12-20 15:53:44.932root 11241100x8000000000000000755168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ffd22632d90c82021-12-20 15:53:44.932root 11241100x8000000000000000755169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91abc5bb348ce6672021-12-20 15:53:44.932root 11241100x8000000000000000755170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b74fc6303c8e12021-12-20 15:53:44.932root 11241100x8000000000000000755171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2423e3cb4a7832021-12-20 15:53:44.932root 11241100x8000000000000000755172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d063a88c59cf632021-12-20 15:53:44.933root 11241100x8000000000000000755173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a2d8baf7841e062021-12-20 15:53:44.933root 11241100x8000000000000000755174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0a13fe294e7f22021-12-20 15:53:44.933root 11241100x8000000000000000755175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe86449099299932021-12-20 15:53:44.933root 11241100x8000000000000000755176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3518b3b78343d2f72021-12-20 15:53:44.933root 11241100x8000000000000000755177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8edf395b35f04e2021-12-20 15:53:44.933root 11241100x8000000000000000755178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817f0e1c2a8cbd542021-12-20 15:53:44.933root 11241100x8000000000000000755179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c06506f48a817f32021-12-20 15:53:44.933root 11241100x8000000000000000755180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1fd36e3ac9afd22021-12-20 15:53:44.933root 11241100x8000000000000000755181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4bc92cc0201372021-12-20 15:53:44.933root 11241100x8000000000000000755182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f66d320aa45bcb2021-12-20 15:53:44.933root 11241100x8000000000000000755183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f214f200fea75502021-12-20 15:53:44.934root 11241100x8000000000000000755184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c050f5bc7daa04a42021-12-20 15:53:44.934root 11241100x8000000000000000755185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28bb463d4806c62021-12-20 15:53:44.934root 11241100x8000000000000000755186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3194ece521839b8c2021-12-20 15:53:44.934root 11241100x8000000000000000755187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a6d3d1816bc7ed2021-12-20 15:53:44.934root 11241100x8000000000000000755188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9924baede3db31a2021-12-20 15:53:44.934root 11241100x8000000000000000755189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd593a5fd4a628a2021-12-20 15:53:44.934root 11241100x8000000000000000755190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac5395eb65d57302021-12-20 15:53:44.934root 11241100x8000000000000000755191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743b586e360f7f7a2021-12-20 15:53:44.934root 11241100x8000000000000000755192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5fed4f652b8782021-12-20 15:53:44.934root 11241100x8000000000000000755193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8c99e32145229e2021-12-20 15:53:44.935root 11241100x8000000000000000755194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab22100918aa53b2021-12-20 15:53:45.425root 11241100x8000000000000000755195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc34cead137e1f2021-12-20 15:53:45.426root 11241100x8000000000000000755196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af01de868cdcf2d32021-12-20 15:53:45.426root 11241100x8000000000000000755197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ac05ea306eb192021-12-20 15:53:45.426root 11241100x8000000000000000755198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0976ea2cca24f2021-12-20 15:53:45.426root 11241100x8000000000000000755199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa03d6e891cb76b2021-12-20 15:53:45.427root 11241100x8000000000000000755200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2b23a443ae84602021-12-20 15:53:45.427root 11241100x8000000000000000755201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97df6567bd11afe82021-12-20 15:53:45.427root 11241100x8000000000000000755202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44fc293b906e9c2021-12-20 15:53:45.427root 11241100x8000000000000000755203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211451546c1bfaea2021-12-20 15:53:45.428root 11241100x8000000000000000755204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6089e9b176e2b2021-12-20 15:53:45.428root 11241100x8000000000000000755205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4266a495a467a1f2021-12-20 15:53:45.428root 11241100x8000000000000000755206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57533d0aba58f1c62021-12-20 15:53:45.428root 11241100x8000000000000000755207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479d3e2054ee68152021-12-20 15:53:45.428root 11241100x8000000000000000755208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3924c70bcc06aa2021-12-20 15:53:45.429root 11241100x8000000000000000755209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9acbe03141f602021-12-20 15:53:45.429root 11241100x8000000000000000755210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b2b9903fc9d6c2021-12-20 15:53:45.429root 11241100x8000000000000000755211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027f700ac8d4c2d2021-12-20 15:53:45.429root 11241100x8000000000000000755212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47303917dbd83db2021-12-20 15:53:45.429root 11241100x8000000000000000755213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e657700fa8cd82892021-12-20 15:53:45.429root 11241100x8000000000000000755214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229da8c703f51ecd2021-12-20 15:53:45.433root 11241100x8000000000000000755215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c218553a9b042652021-12-20 15:53:45.433root 11241100x8000000000000000755216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483b3acab42039eb2021-12-20 15:53:45.433root 11241100x8000000000000000755217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde4fada933024b2021-12-20 15:53:45.433root 11241100x8000000000000000755218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c601dd97a226aeb2021-12-20 15:53:45.433root 11241100x8000000000000000755219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85bb64e37fe603b2021-12-20 15:53:45.433root 11241100x8000000000000000755220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3c89a78ae140262021-12-20 15:53:45.433root 11241100x8000000000000000755221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daac82b4f2e13452021-12-20 15:53:45.434root 11241100x8000000000000000755222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9459f7656944e42021-12-20 15:53:45.434root 11241100x8000000000000000755223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24374133b9dbfb6e2021-12-20 15:53:45.434root 11241100x8000000000000000755224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d558ee2a605242021-12-20 15:53:45.434root 11241100x8000000000000000755225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0a32fcf2b84c012021-12-20 15:53:45.434root 11241100x8000000000000000755226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b181fe55d32269352021-12-20 15:53:45.434root 11241100x8000000000000000755227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f202c0f744585c62021-12-20 15:53:45.434root 11241100x8000000000000000755228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10849040061aa5182021-12-20 15:53:45.434root 11241100x8000000000000000755229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6999985cd976ecfe2021-12-20 15:53:45.434root 11241100x8000000000000000755230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6dc4a0be097b912021-12-20 15:53:45.435root 11241100x8000000000000000755231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b0000f69e2a8d92021-12-20 15:53:45.435root 11241100x8000000000000000755232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fef8e9fdcbd7ef92021-12-20 15:53:45.435root 11241100x8000000000000000755233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec005be60211b72021-12-20 15:53:45.435root 11241100x8000000000000000755234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2104e3fa36a57852021-12-20 15:53:45.435root 11241100x8000000000000000755235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f5d6356b0bf7382021-12-20 15:53:45.435root 11241100x8000000000000000755236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d32aababcda1022021-12-20 15:53:45.435root 11241100x8000000000000000755237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15705729ac985312021-12-20 15:53:45.435root 11241100x8000000000000000755238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d01fd7b308f5f2021-12-20 15:53:45.435root 11241100x8000000000000000755239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e414f9290b37a2021-12-20 15:53:45.436root 11241100x8000000000000000755240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1bcbd2953be3e2021-12-20 15:53:45.924root 11241100x8000000000000000755241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e98a76edf0ef112021-12-20 15:53:45.924root 11241100x8000000000000000755242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d1cb83410258e02021-12-20 15:53:45.924root 11241100x8000000000000000755243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac3afbb82e8ecc32021-12-20 15:53:45.924root 11241100x8000000000000000755244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7af0760bc4e082021-12-20 15:53:45.925root 11241100x8000000000000000755245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c672c159d3065082021-12-20 15:53:45.925root 11241100x8000000000000000755246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9fc008154c5e82021-12-20 15:53:45.925root 11241100x8000000000000000755247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb3ef82291d4d92021-12-20 15:53:45.925root 11241100x8000000000000000755248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea120439e2d900fe2021-12-20 15:53:45.925root 11241100x8000000000000000755249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c613324e324652021-12-20 15:53:45.925root 11241100x8000000000000000755250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a0870e7bb14d12021-12-20 15:53:45.925root 11241100x8000000000000000755251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc534f015ba5a9722021-12-20 15:53:45.925root 11241100x8000000000000000755252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a019e654f41f1c2021-12-20 15:53:45.925root 11241100x8000000000000000755253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e20db49fc155c1a2021-12-20 15:53:45.925root 11241100x8000000000000000755254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecfea5033c4a1b92021-12-20 15:53:45.925root 11241100x8000000000000000755255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae3b67a649e6e12021-12-20 15:53:45.926root 11241100x8000000000000000755256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aa8ea03c6110392021-12-20 15:53:45.926root 11241100x8000000000000000755257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef61e43bc548aba42021-12-20 15:53:45.927root 11241100x8000000000000000755258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab0f2a830a5a7d32021-12-20 15:53:45.927root 11241100x8000000000000000755259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f97ca66718112212021-12-20 15:53:45.928root 11241100x8000000000000000755260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa42e4530ae897602021-12-20 15:53:45.928root 11241100x8000000000000000755261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f631dce84283ff72021-12-20 15:53:45.928root 11241100x8000000000000000755262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc842a4698d20cee2021-12-20 15:53:45.928root 11241100x8000000000000000755263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb883e20f69bc2172021-12-20 15:53:45.928root 11241100x8000000000000000755264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7dbf12b8aa90f2021-12-20 15:53:45.928root 11241100x8000000000000000755265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splu