11241100x80000000000000004017495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b93f67fcc94582021-12-22 12:43:25.193root 11241100x80000000000000004017496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2298844468e052021-12-22 12:43:25.193root 11241100x80000000000000004017497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0944d628a384462021-12-22 12:43:25.193root 11241100x80000000000000004017498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebc6c8e7b1d8c342021-12-22 12:43:25.193root 11241100x80000000000000004017499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a80a144bbcebff2021-12-22 12:43:25.193root 11241100x80000000000000004017500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77522c6e86314e662021-12-22 12:43:25.193root 11241100x80000000000000004017501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a926118e9be63ac12021-12-22 12:43:25.193root 11241100x80000000000000004017502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88774283dfe911962021-12-22 12:43:25.194root 11241100x80000000000000004017503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00328ee07f17ff0e2021-12-22 12:43:25.194root 11241100x80000000000000004017504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92d8946dc694232021-12-22 12:43:25.194root 11241100x80000000000000004017505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06af59c9bee8f332021-12-22 12:43:25.194root 11241100x80000000000000004017506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412817b98b72652f2021-12-22 12:43:25.194root 11241100x80000000000000004017507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d65259499e56ab2021-12-22 12:43:25.194root 11241100x80000000000000004017508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837e0f15e4844c42021-12-22 12:43:25.194root 11241100x80000000000000004017509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf35211a04e8ed2021-12-22 12:43:25.195root 11241100x80000000000000004017510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a07c2ea922ea4c2021-12-22 12:43:25.195root 11241100x80000000000000004017511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f5a9d47796b6ff2021-12-22 12:43:25.195root 11241100x80000000000000004017512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f35747044037cc22021-12-22 12:43:25.195root 11241100x80000000000000004017513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b702cec17b075f2021-12-22 12:43:25.195root 11241100x80000000000000004017514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28239454643eb002021-12-22 12:43:25.195root 11241100x80000000000000004017515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea90e9cadfcc7b6c2021-12-22 12:43:25.195root 11241100x80000000000000004017516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6ebc1908d48282021-12-22 12:43:25.196root 11241100x80000000000000004017517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96bcd986347ac462021-12-22 12:43:25.196root 11241100x80000000000000004017518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ff5b6a9586777b2021-12-22 12:43:25.196root 11241100x80000000000000004017519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c19a5bdec5b7b82021-12-22 12:43:25.196root 11241100x80000000000000004017520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175aea8fd67755c2021-12-22 12:43:25.196root 11241100x80000000000000004017521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e860479588f1cecc2021-12-22 12:43:25.196root 11241100x80000000000000004017522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af110edf34926e02021-12-22 12:43:25.196root 11241100x80000000000000004017523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b4a427b9b8ff42021-12-22 12:43:25.196root 11241100x80000000000000004017524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12f95a25c1a47a2021-12-22 12:43:25.196root 11241100x80000000000000004017525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed1e4bc8d4b9de32021-12-22 12:43:25.196root 11241100x80000000000000004017526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7911b0e591b7772021-12-22 12:43:25.196root 11241100x80000000000000004017527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f08b98c6f1eba2021-12-22 12:43:25.197root 11241100x80000000000000004017528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936a75616d069632021-12-22 12:43:25.197root 11241100x80000000000000004017529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a55a12cb9e1612021-12-22 12:43:25.197root 11241100x80000000000000004017530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc196c70e57e1252021-12-22 12:43:25.197root 11241100x80000000000000004017531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60f3695f1bea59f2021-12-22 12:43:25.197root 11241100x80000000000000004017532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665f5dbccc4146992021-12-22 12:43:25.197root 11241100x80000000000000004017533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61319c2ab5f694de2021-12-22 12:43:25.197root 11241100x80000000000000004017534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2520a0828508d02021-12-22 12:43:25.693root 11241100x80000000000000004017535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755b57c38b0fce52021-12-22 12:43:25.693root 11241100x80000000000000004017536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c69add6fd995cb2021-12-22 12:43:25.693root 11241100x80000000000000004017537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e76c9fcb72d9182021-12-22 12:43:25.693root 11241100x80000000000000004017538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b34716c5f163a2021-12-22 12:43:25.693root 11241100x80000000000000004017539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356f12e8cfa318002021-12-22 12:43:25.694root 11241100x80000000000000004017540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1aa42998c76872021-12-22 12:43:25.694root 11241100x80000000000000004017541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d0097866724662021-12-22 12:43:25.694root 11241100x80000000000000004017542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3266f7ae806a0962021-12-22 12:43:25.694root 11241100x80000000000000004017543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b46a6a0ca8acc22021-12-22 12:43:25.694root 11241100x80000000000000004017544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d933307534ac992021-12-22 12:43:25.694root 11241100x80000000000000004017545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72770fb16e18a13f2021-12-22 12:43:25.694root 11241100x80000000000000004017546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758b28db00af1502021-12-22 12:43:25.695root 11241100x80000000000000004017547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772aba7f52307dc2021-12-22 12:43:25.695root 11241100x80000000000000004017548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d1ecb9c627c6822021-12-22 12:43:25.695root 11241100x80000000000000004017549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b06b6eeaee2e8b2021-12-22 12:43:25.695root 11241100x80000000000000004017550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135fcadc5345a0782021-12-22 12:43:25.695root 11241100x80000000000000004017551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a55b0bb27b491e2021-12-22 12:43:25.695root 11241100x80000000000000004017552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57970c887c474cd62021-12-22 12:43:25.695root 11241100x80000000000000004017553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a1ce792d941782021-12-22 12:43:25.696root 11241100x80000000000000004017554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa524b7a9fa6a7692021-12-22 12:43:25.696root 11241100x80000000000000004017555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc573fe5e5996bd52021-12-22 12:43:25.696root 11241100x80000000000000004017556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb01b1dd40d8f022021-12-22 12:43:25.696root 11241100x80000000000000004017557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbfcdd8853ee7db2021-12-22 12:43:25.696root 11241100x80000000000000004017558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9322e40b0481eace2021-12-22 12:43:25.697root 11241100x80000000000000004017559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6d1eb12a9725b2021-12-22 12:43:25.697root 11241100x80000000000000004017560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f6f5059f0926f2021-12-22 12:43:25.697root 11241100x80000000000000004017561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483f4835af1336f2021-12-22 12:43:25.697root 11241100x80000000000000004017562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec57eaf57add3bb2021-12-22 12:43:25.698root 11241100x80000000000000004017563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae0619818acce72021-12-22 12:43:25.698root 11241100x80000000000000004017564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa50861c23ce4f252021-12-22 12:43:25.698root 11241100x80000000000000004017565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01d080216b624e2021-12-22 12:43:26.193root 11241100x80000000000000004017566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b3b3bf419501fa2021-12-22 12:43:26.194root 11241100x80000000000000004017567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7279714a169b3492021-12-22 12:43:26.195root 11241100x80000000000000004017568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864087a0efe8ce32021-12-22 12:43:26.195root 11241100x80000000000000004017569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f1b5121bdd9c42021-12-22 12:43:26.195root 11241100x80000000000000004017570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f06cc458a8bec2021-12-22 12:43:26.196root 11241100x80000000000000004017571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd742a441ffcd82021-12-22 12:43:26.196root 11241100x80000000000000004017572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2566175d5ee4c82021-12-22 12:43:26.196root 11241100x80000000000000004017573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed7fe2b1ce3322021-12-22 12:43:26.196root 11241100x80000000000000004017574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd81241958585ed22021-12-22 12:43:26.196root 11241100x80000000000000004017575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b73eb96547434d32021-12-22 12:43:26.196root 11241100x80000000000000004017576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acbd58d31aee092021-12-22 12:43:26.196root 11241100x80000000000000004017577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541638c1de8764292021-12-22 12:43:26.196root 11241100x80000000000000004017578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085f5e97541b4fa2021-12-22 12:43:26.196root 11241100x80000000000000004017579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0b7134573b08052021-12-22 12:43:26.196root 11241100x80000000000000004017580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d656cf6e16a8be12021-12-22 12:43:26.196root 11241100x80000000000000004017581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05a99cae5cdab22021-12-22 12:43:26.196root 11241100x80000000000000004017582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7faf74cd4ab59e2021-12-22 12:43:26.196root 11241100x80000000000000004017583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d1b4c856ab1492021-12-22 12:43:26.196root 11241100x80000000000000004017584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2810290c9f0d3582021-12-22 12:43:26.196root 11241100x80000000000000004017585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72f65116661f932021-12-22 12:43:26.196root 11241100x80000000000000004017586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20920b348e391d722021-12-22 12:43:26.197root 11241100x80000000000000004017587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc19e5fd43d8d852021-12-22 12:43:26.197root 11241100x80000000000000004017588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05394467b620731a2021-12-22 12:43:26.197root 11241100x80000000000000004017589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229794968d0b73b62021-12-22 12:43:26.197root 11241100x80000000000000004017590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7a629f89bcd0b2021-12-22 12:43:26.197root 11241100x80000000000000004017591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63d4bfd4b7cc742021-12-22 12:43:26.197root 11241100x80000000000000004017592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bed751840b56b2021-12-22 12:43:26.197root 11241100x80000000000000004017593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a686eaea85abc3d2021-12-22 12:43:26.197root 11241100x80000000000000004017594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be22841c247bdfa2021-12-22 12:43:26.197root 11241100x80000000000000004017595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296d6b6bddde5f42021-12-22 12:43:26.693root 11241100x80000000000000004017596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754de5abbde6edd2021-12-22 12:43:26.693root 11241100x80000000000000004017597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9641e8d9491b12021-12-22 12:43:26.694root 11241100x80000000000000004017598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294bec32c60d04e12021-12-22 12:43:26.694root 11241100x80000000000000004017599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861b6e653bba9f72021-12-22 12:43:26.695root 11241100x80000000000000004017600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28ff13a96f29a212021-12-22 12:43:26.695root 11241100x80000000000000004017601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b535b9915be18c02021-12-22 12:43:26.695root 11241100x80000000000000004017602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa399d1ecbe6c592021-12-22 12:43:26.695root 11241100x80000000000000004017603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff28df7a44fc7f42021-12-22 12:43:26.695root 11241100x80000000000000004017604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eb8eed5397db232021-12-22 12:43:26.695root 11241100x80000000000000004017605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a72f67dee8c9b962021-12-22 12:43:26.698root 11241100x80000000000000004017606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1723efc4c8c9e2021-12-22 12:43:26.698root 11241100x80000000000000004017607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecba301380b8c32021-12-22 12:43:26.698root 11241100x80000000000000004017608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970986853af8eff02021-12-22 12:43:26.699root 11241100x80000000000000004017609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b3532091eed9f2021-12-22 12:43:26.699root 11241100x80000000000000004017610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31b61987e2d6e32021-12-22 12:43:26.699root 11241100x80000000000000004017611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c305f8d37f2de2021-12-22 12:43:26.699root 11241100x80000000000000004017612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e64fd3bf08afe42021-12-22 12:43:26.699root 11241100x80000000000000004017613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de33006553c4392021-12-22 12:43:26.699root 11241100x80000000000000004017614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc16b5c916412a2021-12-22 12:43:26.699root 11241100x80000000000000004017615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e70ccb72f0aad2021-12-22 12:43:26.699root 11241100x80000000000000004017616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe8476c4a554d462021-12-22 12:43:26.700root 11241100x80000000000000004017617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf86612bf6ad3c2021-12-22 12:43:26.700root 11241100x80000000000000004017618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b703afd168fbba2021-12-22 12:43:26.700root 11241100x80000000000000004017619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa3dd495bb590f2021-12-22 12:43:26.700root 11241100x80000000000000004017620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639904657d3373c2021-12-22 12:43:26.700root 11241100x80000000000000004017621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5517075d4458dff62021-12-22 12:43:26.700root 11241100x80000000000000004017622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d88358eb6ca8522021-12-22 12:43:26.700root 11241100x80000000000000004017623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c9a869bfe89a72021-12-22 12:43:26.700root 11241100x80000000000000004017624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d6fed8d5b1fe42021-12-22 12:43:26.700root 11241100x80000000000000004017625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87bdbb0e162eb22021-12-22 12:43:26.700root 354300x80000000000000004017626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56814-false10.0.1.12-8000- 11241100x80000000000000004017627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f682fd42a1c420e2021-12-22 12:43:27.094root 11241100x80000000000000004017628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ba068d98a636d2021-12-22 12:43:27.094root 11241100x80000000000000004017629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac67a58b3f0e85e2021-12-22 12:43:27.094root 11241100x80000000000000004017630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c18614dc68beb2021-12-22 12:43:27.094root 11241100x80000000000000004017631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb4b5b3bc32444a2021-12-22 12:43:27.094root 11241100x80000000000000004017632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb490a57a328292021-12-22 12:43:27.095root 11241100x80000000000000004017633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d4eaf12b85afdb2021-12-22 12:43:27.095root 11241100x80000000000000004017634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc41041186e4ce62021-12-22 12:43:27.095root 11241100x80000000000000004017635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968e6945e0feb102021-12-22 12:43:27.095root 11241100x80000000000000004017636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4073a5d86827ef2021-12-22 12:43:27.095root 11241100x80000000000000004017637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09342fc2e4c923f2021-12-22 12:43:27.095root 11241100x80000000000000004017638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aff0c7c9f3ba1ce2021-12-22 12:43:27.095root 11241100x80000000000000004017639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335dd8ae81f139f32021-12-22 12:43:27.095root 11241100x80000000000000004017640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddaeead7e263bc22021-12-22 12:43:27.095root 11241100x80000000000000004017641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82386c94453bc42021-12-22 12:43:27.095root 11241100x80000000000000004017642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec301fb322872c42021-12-22 12:43:27.096root 11241100x80000000000000004017643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270203cb82624842021-12-22 12:43:27.096root 11241100x80000000000000004017644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c965f1f7b3a59b062021-12-22 12:43:27.096root 11241100x80000000000000004017645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9272188cf83df72021-12-22 12:43:27.096root 11241100x80000000000000004017646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c2042236fe7222021-12-22 12:43:27.096root 11241100x80000000000000004017647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d659c3a2771ffd9c2021-12-22 12:43:27.096root 11241100x80000000000000004017648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d13155776389752021-12-22 12:43:27.096root 11241100x80000000000000004017649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb69ea7d8991c92021-12-22 12:43:27.096root 11241100x80000000000000004017650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128551feba3639d12021-12-22 12:43:27.096root 11241100x80000000000000004017651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710a8155f0413d452021-12-22 12:43:27.096root 11241100x80000000000000004017652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f569dcd6f2d83082021-12-22 12:43:27.096root 11241100x80000000000000004017653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afdc86d54bd8ca72021-12-22 12:43:27.096root 11241100x80000000000000004017654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67acd71e54aad4d2021-12-22 12:43:27.096root 11241100x80000000000000004017655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90139194764afc92021-12-22 12:43:27.097root 11241100x80000000000000004017656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50ef81cc0b820ee2021-12-22 12:43:27.097root 11241100x80000000000000004017657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3074c2b9c7c642021-12-22 12:43:27.097root 11241100x80000000000000004017658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af673a5182ca6b782021-12-22 12:43:27.097root 11241100x80000000000000004017659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13802456fb3a03ad2021-12-22 12:43:27.097root 11241100x80000000000000004017660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784b61ab903e73782021-12-22 12:43:27.097root 11241100x80000000000000004017661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c49faf56b85da62021-12-22 12:43:27.097root 11241100x80000000000000004017662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf7b0aba57e4aa62021-12-22 12:43:27.097root 11241100x80000000000000004017663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c9be8e4bdc0042021-12-22 12:43:27.097root 11241100x80000000000000004017664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158fdf4b01a52932021-12-22 12:43:27.097root 11241100x80000000000000004017665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f187e1f2a94022021-12-22 12:43:27.097root 11241100x80000000000000004017666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbfe7617bbd6a182021-12-22 12:43:27.098root 11241100x80000000000000004017667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d70355ff6ab792021-12-22 12:43:27.098root 11241100x80000000000000004017668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d06a9b107a238522021-12-22 12:43:27.098root 11241100x80000000000000004017669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa5aa6c2e113142021-12-22 12:43:27.098root 11241100x80000000000000004017670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f6dfde10b38252021-12-22 12:43:27.098root 11241100x80000000000000004017671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7593061eb14a62021-12-22 12:43:27.098root 11241100x80000000000000004017672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf9f978f9e64162021-12-22 12:43:27.098root 11241100x80000000000000004017673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d06819818873bc2021-12-22 12:43:27.098root 11241100x80000000000000004017674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a539cb2e247a10c2021-12-22 12:43:27.098root 11241100x80000000000000004017675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15484cbbd209e82021-12-22 12:43:27.098root 11241100x80000000000000004017676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fa8ad24154d6a2021-12-22 12:43:27.098root 11241100x80000000000000004017677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1071092ffd76710c2021-12-22 12:43:27.098root 11241100x80000000000000004017678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c693347cf3fc1f2021-12-22 12:43:27.098root 11241100x80000000000000004017679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2adad9939f61bd2021-12-22 12:43:27.098root 11241100x80000000000000004017680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcba786d377cd23c2021-12-22 12:43:27.098root 11241100x80000000000000004017681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487b97386afe28992021-12-22 12:43:27.099root 11241100x80000000000000004017682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34752cbbd237fa1c2021-12-22 12:43:27.099root 11241100x80000000000000004017683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1641214028e0e4652021-12-22 12:43:27.099root 11241100x80000000000000004017684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c979181d0d01132021-12-22 12:43:27.099root 11241100x80000000000000004017685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5e2c71407c69e2021-12-22 12:43:27.099root 11241100x80000000000000004017686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d1d533fb68a532021-12-22 12:43:27.099root 11241100x80000000000000004017687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d68162354ad24f2021-12-22 12:43:27.099root 11241100x80000000000000004017688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a057a4e8d6f29f8f2021-12-22 12:43:27.099root 11241100x80000000000000004017689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcde42201dc6cde2021-12-22 12:43:27.099root 11241100x80000000000000004017690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734425babee883762021-12-22 12:43:27.099root 11241100x80000000000000004017691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ee580ead64c412021-12-22 12:43:27.099root 11241100x80000000000000004017692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee362bc178031652021-12-22 12:43:27.100root 11241100x80000000000000004017693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d55c69a7b4a6f242021-12-22 12:43:27.100root 11241100x80000000000000004017694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb8a20aac9bf302021-12-22 12:43:27.100root 11241100x80000000000000004017695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ca4b2c5f858752021-12-22 12:43:27.100root 11241100x80000000000000004017696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21dd3c0b8b7763a2021-12-22 12:43:27.100root 11241100x80000000000000004017697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff09346856aeab2021-12-22 12:43:27.100root 11241100x80000000000000004017698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ea3c6431f78762021-12-22 12:43:27.100root 11241100x80000000000000004017699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2edbd88d83ea442021-12-22 12:43:27.101root 11241100x80000000000000004017700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1441b75da9dc0742021-12-22 12:43:27.101root 11241100x80000000000000004017701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43818187d7ba3dd2021-12-22 12:43:27.101root 11241100x80000000000000004017702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f15eade3cb2d72021-12-22 12:43:27.101root 11241100x80000000000000004017703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a00239ae6f92c2021-12-22 12:43:27.102root 11241100x80000000000000004017704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a9fd1d972ad742021-12-22 12:43:27.102root 11241100x80000000000000004017705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009d21f7b7e1fe32021-12-22 12:43:27.102root 11241100x80000000000000004017706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d311fba85cad02021-12-22 12:43:27.103root 11241100x80000000000000004017707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566f63965aad2182021-12-22 12:43:27.103root 11241100x80000000000000004017708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab08169cd3d3b82021-12-22 12:43:27.103root 11241100x80000000000000004017709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0666c3d4b9f260622021-12-22 12:43:27.103root 11241100x80000000000000004017710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ebe3c9dc5c549a2021-12-22 12:43:27.104root 11241100x80000000000000004017711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213f601237c55a42021-12-22 12:43:27.104root 11241100x80000000000000004017712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88675500da1a1012021-12-22 12:43:27.104root 11241100x80000000000000004017713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c01b74d00acae2021-12-22 12:43:27.104root 11241100x80000000000000004017714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba4df106f7d6ae2021-12-22 12:43:27.105root 11241100x80000000000000004017715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6695465658ac42021-12-22 12:43:27.105root 11241100x80000000000000004017716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdfcb63d3c8f79c2021-12-22 12:43:27.105root 11241100x80000000000000004017717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdafd7b2a9f07c02021-12-22 12:43:27.105root 11241100x80000000000000004017718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2a96fd1f7c3d12021-12-22 12:43:27.105root 11241100x80000000000000004017719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9049581d6d2942021-12-22 12:43:27.106root 11241100x80000000000000004017720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7471534c01dc4d42021-12-22 12:43:27.107root 11241100x80000000000000004017721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481aa7ce14caac52021-12-22 12:43:27.107root 11241100x80000000000000004017722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1778958db05933532021-12-22 12:43:27.107root 11241100x80000000000000004017723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fcfb7520edcda52021-12-22 12:43:27.107root 11241100x80000000000000004017724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb447294555d3c42021-12-22 12:43:27.108root 11241100x80000000000000004017725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0830cedb4741972021-12-22 12:43:27.110root 11241100x80000000000000004017726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ebf182a8499672021-12-22 12:43:27.110root 11241100x80000000000000004017727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a345d2f35c9e7f2021-12-22 12:43:27.111root 11241100x80000000000000004017728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14512e3c0e9853112021-12-22 12:43:27.111root 11241100x80000000000000004017729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c888b2cbea7c62021-12-22 12:43:27.111root 11241100x80000000000000004017730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b47b60ac36b4d2021-12-22 12:43:27.111root 11241100x80000000000000004017731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62beb7cad1521b92021-12-22 12:43:27.111root 11241100x80000000000000004017732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35277d5126db322021-12-22 12:43:27.111root 11241100x80000000000000004017733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452890b774db23562021-12-22 12:43:27.112root 11241100x80000000000000004017734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e187ae0bc433dee22021-12-22 12:43:27.112root 154100x80000000000000004017735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.402{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004017736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc83605bd2bdca812021-12-22 12:43:27.405root 11241100x80000000000000004017737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5de839a8f61f21b2021-12-22 12:43:27.405root 11241100x80000000000000004017738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aa85190e49c9fc2021-12-22 12:43:27.405root 11241100x80000000000000004017739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c438a1c9cd99a52021-12-22 12:43:27.405root 11241100x80000000000000004017740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db473259925243a2021-12-22 12:43:27.405root 11241100x80000000000000004017741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d5ff4a0504de72021-12-22 12:43:27.405root 11241100x80000000000000004017742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa3a0cfe738912d2021-12-22 12:43:27.405root 11241100x80000000000000004017743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd557c52b770be92021-12-22 12:43:27.405root 11241100x80000000000000004017744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2da04478db0eaf2021-12-22 12:43:27.405root 11241100x80000000000000004017745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f41d763463ae442021-12-22 12:43:27.405root 11241100x80000000000000004017746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9750275a17f03d2021-12-22 12:43:27.405root 11241100x80000000000000004017747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcf2400cb6fd432021-12-22 12:43:27.405root 11241100x80000000000000004017748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d0f8224b517312021-12-22 12:43:27.405root 11241100x80000000000000004017749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c298218057410bbe2021-12-22 12:43:27.406root 11241100x80000000000000004017750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151b1b5fecd28162021-12-22 12:43:27.406root 11241100x80000000000000004017751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3cc18cd0b556602021-12-22 12:43:27.406root 11241100x80000000000000004017752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360eedd051d9caed2021-12-22 12:43:27.406root 11241100x80000000000000004017753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41830793e8bda6ec2021-12-22 12:43:27.406root 11241100x80000000000000004017754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523f86d822e6e812021-12-22 12:43:27.406root 11241100x80000000000000004017755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad4fcc0668a0c62021-12-22 12:43:27.406root 11241100x80000000000000004017756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144ee4878a01d702021-12-22 12:43:27.406root 11241100x80000000000000004017757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9ebb5f76089992021-12-22 12:43:27.406root 11241100x80000000000000004017758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964b5703a1e9bbd2021-12-22 12:43:27.406root 11241100x80000000000000004017759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8eb808683523642021-12-22 12:43:27.406root 11241100x80000000000000004017760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb04f760b7438c512021-12-22 12:43:27.406root 11241100x80000000000000004017761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f974b12f003f46ed2021-12-22 12:43:27.406root 11241100x80000000000000004017762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79bd2b6ff6f900b2021-12-22 12:43:27.406root 11241100x80000000000000004017763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411137714bc29dfb2021-12-22 12:43:27.406root 11241100x80000000000000004017764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3177ef8e13df1c3f2021-12-22 12:43:27.407root 11241100x80000000000000004017765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7dfad1b4ab32892021-12-22 12:43:27.407root 11241100x80000000000000004017766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6675f12892d6a802021-12-22 12:43:27.407root 11241100x80000000000000004017767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f3d9e57930edb2021-12-22 12:43:27.407root 534500x80000000000000004017768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.422{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/psroot 11241100x80000000000000004017769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbda54d93f86f4152021-12-22 12:43:27.693root 11241100x80000000000000004017770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aadb8bf4ac8e902021-12-22 12:43:27.694root 11241100x80000000000000004017771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac7015c9173d9b12021-12-22 12:43:27.694root 11241100x80000000000000004017772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26733d688d2b8f7e2021-12-22 12:43:27.694root 11241100x80000000000000004017773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91eacaff3e50472021-12-22 12:43:27.694root 11241100x80000000000000004017774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3290da850441ba2021-12-22 12:43:27.694root 11241100x80000000000000004017775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51fd2b5ea12c8c2021-12-22 12:43:27.694root 11241100x80000000000000004017776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e39f1112a5944e2021-12-22 12:43:27.694root 11241100x80000000000000004017777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef84e0d997ec8d2021-12-22 12:43:27.694root 11241100x80000000000000004017778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4aa1d95e173ba52021-12-22 12:43:27.695root 11241100x80000000000000004017779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f014ba92bddaca2021-12-22 12:43:27.695root 11241100x80000000000000004017780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b5d982d5fdcd72021-12-22 12:43:27.695root 11241100x80000000000000004017781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe630150c8b28702021-12-22 12:43:27.695root 11241100x80000000000000004017782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e3e13c3d2264902021-12-22 12:43:27.695root 11241100x80000000000000004017783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f1c6234b80132a2021-12-22 12:43:27.695root 11241100x80000000000000004017784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91784efbebfb9c112021-12-22 12:43:27.695root 11241100x80000000000000004017785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862eb0a7b6bc4da2021-12-22 12:43:27.695root 11241100x80000000000000004017786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb26e90f7a06ff2021-12-22 12:43:27.695root 11241100x80000000000000004017787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee306289f0fb212021-12-22 12:43:27.696root 11241100x80000000000000004017788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c7a59780c007032021-12-22 12:43:27.696root 11241100x80000000000000004017789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351947754678a7b92021-12-22 12:43:27.696root 11241100x80000000000000004017790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7ebe30624002612021-12-22 12:43:27.696root 11241100x80000000000000004017791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7f3005cd65c7bd2021-12-22 12:43:27.696root 11241100x80000000000000004017792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c035e7fe72c722021-12-22 12:43:27.696root 11241100x80000000000000004017793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d18b87bfa790ef2021-12-22 12:43:27.696root 11241100x80000000000000004017794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde373bdb587a94a2021-12-22 12:43:27.696root 11241100x80000000000000004017795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328e9ba5cfef6542021-12-22 12:43:27.696root 11241100x80000000000000004017796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6426af71a958d432021-12-22 12:43:27.697root 11241100x80000000000000004017797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcedd88c117738d2021-12-22 12:43:27.697root 11241100x80000000000000004017798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7937cec34891fe2f2021-12-22 12:43:27.697root 11241100x80000000000000004017799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf315f59242a84d2021-12-22 12:43:27.697root 11241100x80000000000000004017800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e224df54939abc2021-12-22 12:43:27.697root 11241100x80000000000000004017801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e431e5b95a2769e62021-12-22 12:43:27.697root 11241100x80000000000000004017802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a418ac8dffaf2c2021-12-22 12:43:28.193root 11241100x80000000000000004017803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca77b04164b24ac2021-12-22 12:43:28.193root 11241100x80000000000000004017804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ea5eea6d92cba2021-12-22 12:43:28.194root 11241100x80000000000000004017805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389692cb20b75a002021-12-22 12:43:28.194root 11241100x80000000000000004017806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73bbc69f6d95ba82021-12-22 12:43:28.194root 11241100x80000000000000004017807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeb4c788be0e9462021-12-22 12:43:28.194root 11241100x80000000000000004017808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a8080c0d4e5b42021-12-22 12:43:28.194root 11241100x80000000000000004017809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798f5f25533eec82021-12-22 12:43:28.194root 11241100x80000000000000004017810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c48be4b34999102021-12-22 12:43:28.194root 11241100x80000000000000004017811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ababe7704684ab2021-12-22 12:43:28.194root 11241100x80000000000000004017812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e452ef484a6c8562021-12-22 12:43:28.194root 11241100x80000000000000004017813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b36464fd50b3b502021-12-22 12:43:28.194root 11241100x80000000000000004017814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36953256d1304af2021-12-22 12:43:28.195root 11241100x80000000000000004017815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f8844dc9bfe8ee2021-12-22 12:43:28.195root 11241100x80000000000000004017816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c5ec56898f3d82021-12-22 12:43:28.195root 11241100x80000000000000004017817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc71bad1849f5e2021-12-22 12:43:28.195root 11241100x80000000000000004017818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238aea156c217ee12021-12-22 12:43:28.195root 11241100x80000000000000004017819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8121ee26b964db72021-12-22 12:43:28.195root 11241100x80000000000000004017820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f504f57e9d55be02021-12-22 12:43:28.195root 11241100x80000000000000004017821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a549afbfe4a414052021-12-22 12:43:28.195root 11241100x80000000000000004017822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a4fabc73804812021-12-22 12:43:28.195root 11241100x80000000000000004017823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51f13deca9a76d2021-12-22 12:43:28.195root 11241100x80000000000000004017824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5099aff8ea50912021-12-22 12:43:28.196root 11241100x80000000000000004017825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9225900f6b13e82021-12-22 12:43:28.196root 11241100x80000000000000004017826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ad5522bac076a2021-12-22 12:43:28.196root 11241100x80000000000000004017827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304af2de590175762021-12-22 12:43:28.196root 11241100x80000000000000004017828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c42447b7e71682021-12-22 12:43:28.196root 11241100x80000000000000004017829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9490c8b2e4f0062021-12-22 12:43:28.196root 11241100x80000000000000004017830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa76182002f84922021-12-22 12:43:28.196root 11241100x80000000000000004017831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2696c5da367239d2021-12-22 12:43:28.196root 11241100x80000000000000004017832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b15c36f935f6f2021-12-22 12:43:28.197root 11241100x80000000000000004017833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab13978821f9302021-12-22 12:43:28.197root 11241100x80000000000000004017834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0a2c8f8a4f5e832021-12-22 12:43:28.197root 11241100x80000000000000004017835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac33f719fb3b1e32021-12-22 12:43:28.693root 11241100x80000000000000004017836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a40954a0b0f4d02021-12-22 12:43:28.693root 11241100x80000000000000004017837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76298145c27b04f12021-12-22 12:43:28.693root 11241100x80000000000000004017838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a34c99179cd1a472021-12-22 12:43:28.693root 11241100x80000000000000004017839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62bded7fba5655f2021-12-22 12:43:28.693root 11241100x80000000000000004017840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893f5cb379b504f2021-12-22 12:43:28.693root 11241100x80000000000000004017841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3368d0a6938076fa2021-12-22 12:43:28.693root 11241100x80000000000000004017842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f6749860dd1562021-12-22 12:43:28.694root 11241100x80000000000000004017843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1063ddaa2b5c88d12021-12-22 12:43:28.694root 11241100x80000000000000004017844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed051e18b518ccb22021-12-22 12:43:28.694root 11241100x80000000000000004017845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69616c34fcae14c2021-12-22 12:43:28.694root 11241100x80000000000000004017846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a936984c09a68b82021-12-22 12:43:28.694root 11241100x80000000000000004017847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffb45bf477374a2021-12-22 12:43:28.694root 11241100x80000000000000004017848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e51aecce1a4cf2021-12-22 12:43:28.694root 11241100x80000000000000004017849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd8b606e8457602021-12-22 12:43:28.695root 11241100x80000000000000004017850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec387a60476cd302021-12-22 12:43:28.695root 11241100x80000000000000004017851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aacc71d217d2272021-12-22 12:43:28.695root 11241100x80000000000000004017852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d02fef060e1391e2021-12-22 12:43:28.695root 11241100x80000000000000004017853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9fcb9ae0b237c42021-12-22 12:43:28.695root 11241100x80000000000000004017854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c80f7e2ea849422021-12-22 12:43:28.695root 11241100x80000000000000004017855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c8ca5435632322021-12-22 12:43:28.695root 11241100x80000000000000004017856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422625f42ceb82d2021-12-22 12:43:28.695root 11241100x80000000000000004017857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e93b714d165b682021-12-22 12:43:28.695root 11241100x80000000000000004017858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f219d6ee8914ff2021-12-22 12:43:28.696root 11241100x80000000000000004017859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af1063712d05d32021-12-22 12:43:28.696root 11241100x80000000000000004017860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc04bd313ac96e2021-12-22 12:43:28.696root 11241100x80000000000000004017861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b85ec67da0078d2021-12-22 12:43:28.696root 11241100x80000000000000004017862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6cc4d674580f032021-12-22 12:43:28.696root 11241100x80000000000000004017863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbca73fb3ad915f72021-12-22 12:43:28.697root 11241100x80000000000000004017864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efc04c13e92e9d62021-12-22 12:43:28.697root 11241100x80000000000000004017865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b1bdce520a381c2021-12-22 12:43:28.697root 11241100x80000000000000004017866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93730ba48bc50d92021-12-22 12:43:28.697root 11241100x80000000000000004017867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb2d90b7f0f6902021-12-22 12:43:28.698root 11241100x80000000000000004017868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a53de8a6b3ee82021-12-22 12:43:28.698root 11241100x80000000000000004017869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b10a05a502b28c2021-12-22 12:43:28.698root 11241100x80000000000000004017870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ce57e95c6dd7592021-12-22 12:43:28.699root 11241100x80000000000000004017871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679d409d39df8412021-12-22 12:43:28.699root 11241100x80000000000000004017872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef11decc65d44b42021-12-22 12:43:28.699root 11241100x80000000000000004017873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e613b7595be662021-12-22 12:43:29.193root 11241100x80000000000000004017874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666603dedea44072021-12-22 12:43:29.193root 11241100x80000000000000004017875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff927a6db81a8c2021-12-22 12:43:29.194root 11241100x80000000000000004017876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37afdf6c33fa862021-12-22 12:43:29.194root 11241100x80000000000000004017877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97943215ba55f4232021-12-22 12:43:29.194root 11241100x80000000000000004017878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489c9ee62e456452021-12-22 12:43:29.194root 11241100x80000000000000004017879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c2b26f5dde00d2021-12-22 12:43:29.195root 11241100x80000000000000004017880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dae0b2fcd57fd62021-12-22 12:43:29.195root 11241100x80000000000000004017881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e5948754d6ddf2021-12-22 12:43:29.195root 11241100x80000000000000004017882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529f6e2a41e45ae2021-12-22 12:43:29.195root 11241100x80000000000000004017883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20ca76239ec3492021-12-22 12:43:29.196root 11241100x80000000000000004017884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa33a00afb13f1b42021-12-22 12:43:29.196root 11241100x80000000000000004017885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a757f6034ce2e9aa2021-12-22 12:43:29.196root 11241100x80000000000000004017886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbc900ce80fe332021-12-22 12:43:29.197root 11241100x80000000000000004017887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94045e8846060c0d2021-12-22 12:43:29.197root 11241100x80000000000000004017888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a0007f5de899ed2021-12-22 12:43:29.197root 11241100x80000000000000004017889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c5029c21461bfe2021-12-22 12:43:29.197root 11241100x80000000000000004017890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d46aecbddedb4e2021-12-22 12:43:29.198root 11241100x80000000000000004017891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22909d79a91d15f62021-12-22 12:43:29.198root 11241100x80000000000000004017892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f9080d59432372021-12-22 12:43:29.198root 11241100x80000000000000004017893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b3ede01fe57302021-12-22 12:43:29.198root 11241100x80000000000000004017894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40acf5daa04a540f2021-12-22 12:43:29.198root 11241100x80000000000000004017895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfed2cbf019ffa992021-12-22 12:43:29.199root 11241100x80000000000000004017896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62807c50fbba05f2021-12-22 12:43:29.199root 11241100x80000000000000004017897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0fa22c78b1f3e2021-12-22 12:43:29.199root 11241100x80000000000000004017898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95862c1aea250c2021-12-22 12:43:29.199root 11241100x80000000000000004017899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3789d24f586debb12021-12-22 12:43:29.199root 11241100x80000000000000004017900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602bf08e64d34b92021-12-22 12:43:29.199root 11241100x80000000000000004017901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac25b2342695402021-12-22 12:43:29.200root 11241100x80000000000000004017902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e246d4bc370b7b72021-12-22 12:43:29.200root 11241100x80000000000000004017903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e99895dde166d72021-12-22 12:43:29.200root 11241100x80000000000000004017904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3576a5820e4137282021-12-22 12:43:29.200root 11241100x80000000000000004017905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6dc3dcf6047d782021-12-22 12:43:29.200root 11241100x80000000000000004017906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21c069d2c54daf2021-12-22 12:43:29.200root 11241100x80000000000000004017907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceccdd69116ed4d2021-12-22 12:43:29.200root 11241100x80000000000000004017908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb6116f501c26a82021-12-22 12:43:29.692root 11241100x80000000000000004017909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e99aef29e028cb2021-12-22 12:43:29.693root 11241100x80000000000000004017910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5b525321d74762021-12-22 12:43:29.693root 11241100x80000000000000004017911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056d8d0cd203f4c2021-12-22 12:43:29.693root 11241100x80000000000000004017912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d841b7c252fdaa2021-12-22 12:43:29.693root 11241100x80000000000000004017913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf4737679610dd2021-12-22 12:43:29.693root 11241100x80000000000000004017914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac02e7ac73913a2021-12-22 12:43:29.693root 11241100x80000000000000004017915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2446e2fb4251192021-12-22 12:43:29.694root 11241100x80000000000000004017916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b718c4922273a2021-12-22 12:43:29.694root 11241100x80000000000000004017917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db114d8488593c2021-12-22 12:43:29.694root 11241100x80000000000000004017918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364dba62ac130a3a2021-12-22 12:43:29.694root 11241100x80000000000000004017919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01148e339c9aacc02021-12-22 12:43:29.694root 11241100x80000000000000004017920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12d87069858e8d22021-12-22 12:43:29.695root 11241100x80000000000000004017921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29ff3c2f562c6f2021-12-22 12:43:29.695root 11241100x80000000000000004017922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a311119357576a2021-12-22 12:43:29.695root 11241100x80000000000000004017923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919acf97f54108b32021-12-22 12:43:29.695root 11241100x80000000000000004017924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80408ae0692d60ae2021-12-22 12:43:29.695root 11241100x80000000000000004017925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0765d1fa2a8db3082021-12-22 12:43:29.695root 11241100x80000000000000004017926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c1283e7c6028e2021-12-22 12:43:29.696root 11241100x80000000000000004017927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09777de26c8ac1c32021-12-22 12:43:29.696root 11241100x80000000000000004017928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce267ccbdfb1fc22021-12-22 12:43:29.696root 11241100x80000000000000004017929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e4cfdb5e9c3c22021-12-22 12:43:29.696root 11241100x80000000000000004017930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2061592485b602021-12-22 12:43:29.696root 11241100x80000000000000004017931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61344524566053f42021-12-22 12:43:29.697root 11241100x80000000000000004017932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9f209cabd8475b2021-12-22 12:43:29.697root 11241100x80000000000000004017933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef512517fc0b3efe2021-12-22 12:43:29.697root 11241100x80000000000000004017934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3c30130af910b2021-12-22 12:43:29.697root 11241100x80000000000000004017935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d478a9f7542710f02021-12-22 12:43:29.698root 11241100x80000000000000004017936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0234fe92b487c65d2021-12-22 12:43:29.698root 11241100x80000000000000004017937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1da9a1a7491553f2021-12-22 12:43:29.698root 11241100x80000000000000004017938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d99a5edaf29ea2021-12-22 12:43:29.698root 11241100x80000000000000004017939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94005b8ebb5302772021-12-22 12:43:29.698root 11241100x80000000000000004017940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd615f13af28ca2021-12-22 12:43:29.699root 11241100x80000000000000004017941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aebc603625492942021-12-22 12:43:29.699root 11241100x80000000000000004017942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f601837d89b86e2021-12-22 12:43:29.700root 11241100x80000000000000004017943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3592df193c8b782021-12-22 12:43:29.700root 11241100x80000000000000004017944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc74c1cbb6eb8442021-12-22 12:43:29.700root 11241100x80000000000000004017945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4f6728b1e3ca512021-12-22 12:43:30.193root 11241100x80000000000000004017946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb11d81addb79a2021-12-22 12:43:30.194root 11241100x80000000000000004017947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98b8591f4421c52021-12-22 12:43:30.194root 11241100x80000000000000004017948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0ef67dae1b6f22021-12-22 12:43:30.194root 11241100x80000000000000004017949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254070717bf635f82021-12-22 12:43:30.194root 11241100x80000000000000004017950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf429b329c0a8e22021-12-22 12:43:30.194root 11241100x80000000000000004017951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082425170a9d1af02021-12-22 12:43:30.195root 11241100x80000000000000004017952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea3f48c1d5211f2021-12-22 12:43:30.195root 11241100x80000000000000004017953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbaee1c13b68712021-12-22 12:43:30.195root 11241100x80000000000000004017954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabc8d27229e8732021-12-22 12:43:30.195root 11241100x80000000000000004017955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948e506dcd72784b2021-12-22 12:43:30.195root 11241100x80000000000000004017956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1af34c0a41fce2021-12-22 12:43:30.195root 11241100x80000000000000004017957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bd1edc0f21f8f32021-12-22 12:43:30.195root 11241100x80000000000000004017958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989e2d0105904dbb2021-12-22 12:43:30.196root 11241100x80000000000000004017959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a82522d23bffa2021-12-22 12:43:30.196root 11241100x80000000000000004017960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ab4967cee786f2021-12-22 12:43:30.196root 11241100x80000000000000004017961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb27a3d3e0be892021-12-22 12:43:30.196root 11241100x80000000000000004017962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6156cf3024743872021-12-22 12:43:30.196root 11241100x80000000000000004017963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb380f38ba64e502021-12-22 12:43:30.196root 11241100x80000000000000004017964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be839f7775edec2021-12-22 12:43:30.196root 11241100x80000000000000004017965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98494ee74c36782021-12-22 12:43:30.196root 11241100x80000000000000004017966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e74e8a46327462021-12-22 12:43:30.197root 11241100x80000000000000004017967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0f7e91fa96a0ba2021-12-22 12:43:30.197root 11241100x80000000000000004017968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4355e79ba8990712021-12-22 12:43:30.197root 11241100x80000000000000004017969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0200bff2d5baa42021-12-22 12:43:30.197root 11241100x80000000000000004017970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2c0600c9393b72021-12-22 12:43:30.197root 11241100x80000000000000004017971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f96647b916f9e2021-12-22 12:43:30.197root 11241100x80000000000000004017972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5f0e6e112e69932021-12-22 12:43:30.197root 11241100x80000000000000004017973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2922c1ff924611b2021-12-22 12:43:30.197root 11241100x80000000000000004017974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecf556d242bc2522021-12-22 12:43:30.197root 11241100x80000000000000004017975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae0349255dad0e2021-12-22 12:43:30.197root 11241100x80000000000000004017976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06174cfe61d1c12021-12-22 12:43:30.198root 11241100x80000000000000004017977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a4e215da6f744f2021-12-22 12:43:30.198root 11241100x80000000000000004017978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1a40d232505a6f2021-12-22 12:43:30.693root 11241100x80000000000000004017979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049a5e0eb23b0d02021-12-22 12:43:30.693root 11241100x80000000000000004017980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a53f9b357fb30a2021-12-22 12:43:30.693root 11241100x80000000000000004017981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b5cab12926d442021-12-22 12:43:30.693root 11241100x80000000000000004017982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac210ab330569f2021-12-22 12:43:30.693root 11241100x80000000000000004017983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427ffe5db655b9ab2021-12-22 12:43:30.693root 11241100x80000000000000004017984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e08c6ffcce841d2021-12-22 12:43:30.694root 11241100x80000000000000004017985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b54cd5290ceb52021-12-22 12:43:30.694root 11241100x80000000000000004017986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787530a829fd9d12021-12-22 12:43:30.694root 11241100x80000000000000004017987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbe1173be1af7e2021-12-22 12:43:30.694root 11241100x80000000000000004017988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a41867f02bd002021-12-22 12:43:30.694root 11241100x80000000000000004017989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d4348f1f102472021-12-22 12:43:30.694root 11241100x80000000000000004017990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b35de8d6a1c4bc2021-12-22 12:43:30.694root 11241100x80000000000000004017991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1018ffbba0a544e2021-12-22 12:43:30.695root 11241100x80000000000000004017992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242feb2ef16d8d1e2021-12-22 12:43:30.695root 11241100x80000000000000004017993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58eb721e68de0a2021-12-22 12:43:30.695root 11241100x80000000000000004017994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78efb5d9216cb32021-12-22 12:43:30.695root 11241100x80000000000000004017995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f3c337c8d913c2021-12-22 12:43:30.695root 11241100x80000000000000004017996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f1fca39e2ebe52021-12-22 12:43:30.695root 11241100x80000000000000004017997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f913d136537374d02021-12-22 12:43:30.696root 11241100x80000000000000004017998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca1d04f4c7418f2021-12-22 12:43:30.696root 11241100x80000000000000004017999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209284e3187045e2021-12-22 12:43:30.696root 11241100x80000000000000004018000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5599e4560f33a2021-12-22 12:43:30.696root 11241100x80000000000000004018001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549637cab1555c72021-12-22 12:43:30.696root 11241100x80000000000000004018002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae6e72ec91a9f82021-12-22 12:43:30.696root 11241100x80000000000000004018003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85348e5b175f7932021-12-22 12:43:30.696root 11241100x80000000000000004018004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f699a10bf718a762021-12-22 12:43:30.696root 11241100x80000000000000004018005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b98e9217e29d1a2021-12-22 12:43:30.697root 11241100x80000000000000004018006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69088d63f70e66d52021-12-22 12:43:30.697root 11241100x80000000000000004018007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67074a6bcd4d85a2021-12-22 12:43:30.697root 11241100x80000000000000004018008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9604c38837d202592021-12-22 12:43:30.697root 11241100x80000000000000004018009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4badc2e1836a3b2021-12-22 12:43:30.697root 11241100x80000000000000004018010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb06c4171530592021-12-22 12:43:30.697root 11241100x80000000000000004018011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8894d6a75cdb35bd2021-12-22 12:43:30.697root 11241100x80000000000000004018012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07d68cefbd238922021-12-22 12:43:30.697root 11241100x80000000000000004018013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b5656b7d83aa992021-12-22 12:43:31.193root 11241100x80000000000000004018014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73a420c10081942021-12-22 12:43:31.193root 11241100x80000000000000004018015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc9dade43b21a462021-12-22 12:43:31.193root 11241100x80000000000000004018016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee0831b61ddff72021-12-22 12:43:31.193root 11241100x80000000000000004018017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b2a107bf9e3af12021-12-22 12:43:31.193root 11241100x80000000000000004018018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476a0365a7487032021-12-22 12:43:31.193root 11241100x80000000000000004018019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b38abfe6aed7682021-12-22 12:43:31.194root 11241100x80000000000000004018020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b97bf73299d1bf2021-12-22 12:43:31.194root 11241100x80000000000000004018021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950cea4775e8a752021-12-22 12:43:31.194root 11241100x80000000000000004018022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51009bacdc10d9582021-12-22 12:43:31.194root 11241100x80000000000000004018023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d2578bad0fdd82021-12-22 12:43:31.194root 11241100x80000000000000004018024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbeb098f47c3e752021-12-22 12:43:31.194root 11241100x80000000000000004018025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fffb306763491272021-12-22 12:43:31.195root 11241100x80000000000000004018026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda86ebb3cce8f72021-12-22 12:43:31.195root 11241100x80000000000000004018027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d587ef4a0d6b792021-12-22 12:43:31.195root 11241100x80000000000000004018028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dcef7f20b45b912021-12-22 12:43:31.195root 11241100x80000000000000004018029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7dadfa93809dd72021-12-22 12:43:31.195root 11241100x80000000000000004018030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f764068c5179b8182021-12-22 12:43:31.195root 11241100x80000000000000004018031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb624055a8c90ed02021-12-22 12:43:31.196root 11241100x80000000000000004018032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707fd4e6ae79f81a2021-12-22 12:43:31.196root 11241100x80000000000000004018033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f339225b30cb5ed2021-12-22 12:43:31.196root 11241100x80000000000000004018034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94930f362d3bf62021-12-22 12:43:31.196root 11241100x80000000000000004018035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f54b3640cd6c902021-12-22 12:43:31.196root 11241100x80000000000000004018036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2682a7332642292021-12-22 12:43:31.197root 11241100x80000000000000004018037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff035981ce9b972021-12-22 12:43:31.197root 11241100x80000000000000004018038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2251d5260ca842021-12-22 12:43:31.197root 11241100x80000000000000004018039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eddf5f292145622021-12-22 12:43:31.197root 11241100x80000000000000004018040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7dab85720e6d1f2021-12-22 12:43:31.197root 11241100x80000000000000004018041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60327cf9f603cdf72021-12-22 12:43:31.197root 11241100x80000000000000004018042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b9f0c6b752fad42021-12-22 12:43:31.198root 11241100x80000000000000004018043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eeace9f7fd39212021-12-22 12:43:31.198root 11241100x80000000000000004018044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593a8c2bac47bf32021-12-22 12:43:31.198root 11241100x80000000000000004018045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d81b8d0d614aaa2021-12-22 12:43:31.198root 11241100x80000000000000004018046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982fbfbbf0c266e2021-12-22 12:43:31.198root 11241100x80000000000000004018047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41309af270578cf72021-12-22 12:43:31.198root 11241100x80000000000000004018048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc7ba1f24fa907f2021-12-22 12:43:31.198root 11241100x80000000000000004018049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0519415ce4d4732021-12-22 12:43:31.199root 11241100x80000000000000004018050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d510a764af785a22021-12-22 12:43:31.199root 11241100x80000000000000004018051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b1de998b48854b2021-12-22 12:43:31.199root 11241100x80000000000000004018052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ccefb67b8a5f222021-12-22 12:43:31.199root 11241100x80000000000000004018053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8257be9241290042021-12-22 12:43:31.693root 11241100x80000000000000004018054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8024edec61c929142021-12-22 12:43:31.693root 11241100x80000000000000004018055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c44a74e9437212021-12-22 12:43:31.693root 11241100x80000000000000004018056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8e85ab197240a2021-12-22 12:43:31.693root 11241100x80000000000000004018057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d87dcd124d0c32021-12-22 12:43:31.694root 11241100x80000000000000004018058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d4caa1f13c5002021-12-22 12:43:31.694root 11241100x80000000000000004018059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f010be61e83e5ecf2021-12-22 12:43:31.694root 11241100x80000000000000004018060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f15a2b3ffce33372021-12-22 12:43:31.694root 11241100x80000000000000004018061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed792af2d3c8bb2021-12-22 12:43:31.694root 11241100x80000000000000004018062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61a5f7cc541b7d52021-12-22 12:43:31.694root 11241100x80000000000000004018063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d38730c3312822021-12-22 12:43:31.694root 11241100x80000000000000004018064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e049d08642155042021-12-22 12:43:31.694root 11241100x80000000000000004018065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4b81b3b636a652021-12-22 12:43:31.695root 11241100x80000000000000004018066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc2ebf78b5a8032021-12-22 12:43:31.695root 11241100x80000000000000004018067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b58d09b822b262021-12-22 12:43:31.695root 11241100x80000000000000004018068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec0b679f8fdc7c2021-12-22 12:43:31.695root 11241100x80000000000000004018069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c148b33dcb1f0d2021-12-22 12:43:31.695root 11241100x80000000000000004018070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06243a1e575cdcb82021-12-22 12:43:31.695root 11241100x80000000000000004018071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c563ddc98f9de772021-12-22 12:43:31.695root 11241100x80000000000000004018072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4ee671fdbf7762021-12-22 12:43:31.695root 11241100x80000000000000004018073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe374770385e41632021-12-22 12:43:31.695root 11241100x80000000000000004018074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0526e0b2e459302021-12-22 12:43:31.696root 11241100x80000000000000004018075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2bbc2fb2d917802021-12-22 12:43:31.696root 11241100x80000000000000004018076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1856c7fa51d892021-12-22 12:43:31.696root 11241100x80000000000000004018077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd05a61c1f811f2021-12-22 12:43:31.696root 11241100x80000000000000004018078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed76d3de36caa702021-12-22 12:43:31.696root 11241100x80000000000000004018079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf08515f211c362021-12-22 12:43:31.696root 11241100x80000000000000004018080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe6ba10f8b25f7d2021-12-22 12:43:31.696root 11241100x80000000000000004018081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f0f341b6d23022021-12-22 12:43:31.696root 11241100x80000000000000004018082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcef2922a7325682021-12-22 12:43:31.696root 11241100x80000000000000004018083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fab9f560d2aa862021-12-22 12:43:31.697root 11241100x80000000000000004018084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316fadc35d816fe2021-12-22 12:43:31.697root 11241100x80000000000000004018085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18691d9d43779d212021-12-22 12:43:31.697root 11241100x80000000000000004018086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732324292d2a63742021-12-22 12:43:31.697root 11241100x80000000000000004018087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed3c5dbfcf1dee2021-12-22 12:43:31.697root 11241100x80000000000000004018088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c42c19f4375392021-12-22 12:43:31.697root 11241100x80000000000000004018089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e3aa2119fbd2d2021-12-22 12:43:31.697root 11241100x80000000000000004018090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a88b2c6e833bf2021-12-22 12:43:31.698root 11241100x80000000000000004018091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b69a9a8941ca82021-12-22 12:43:31.698root 11241100x80000000000000004018092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f07f8656b7825b2021-12-22 12:43:31.698root 11241100x80000000000000004018093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fcbbe11516be402021-12-22 12:43:31.698root 11241100x80000000000000004018094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d927466de28192021-12-22 12:43:32.193root 11241100x80000000000000004018095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9b5ecc2df911052021-12-22 12:43:32.193root 11241100x80000000000000004018096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255b0ddfecc4e692021-12-22 12:43:32.194root 11241100x80000000000000004018097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d42b762ea5f22982021-12-22 12:43:32.194root 11241100x80000000000000004018098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4abb107720fdd92021-12-22 12:43:32.194root 11241100x80000000000000004018099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d482573409d1fa2021-12-22 12:43:32.194root 11241100x80000000000000004018100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795225573b3bf0392021-12-22 12:43:32.194root 11241100x80000000000000004018101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb04a980acb45f7c2021-12-22 12:43:32.194root 11241100x80000000000000004018102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3787cf307cd182de2021-12-22 12:43:32.194root 11241100x80000000000000004018103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd55ceec8e209f5c2021-12-22 12:43:32.194root 11241100x80000000000000004018104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6b375d68a998c2021-12-22 12:43:32.195root 11241100x80000000000000004018105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5c4ee51f1828d2021-12-22 12:43:32.195root 11241100x80000000000000004018106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677f4d369a7d4692021-12-22 12:43:32.195root 11241100x80000000000000004018107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be0b841e8ef2372021-12-22 12:43:32.195root 11241100x80000000000000004018108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37105a9adecdc6122021-12-22 12:43:32.195root 11241100x80000000000000004018109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0544ad5d9cefb492021-12-22 12:43:32.195root 11241100x80000000000000004018110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5e65a4146c78ea2021-12-22 12:43:32.195root 11241100x80000000000000004018111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a154e27d73376f2021-12-22 12:43:32.195root 11241100x80000000000000004018112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b820d0857848b3c2021-12-22 12:43:32.196root 11241100x80000000000000004018113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7804273d676635b92021-12-22 12:43:32.196root 11241100x80000000000000004018114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddb3b80e15abc022021-12-22 12:43:32.196root 11241100x80000000000000004018115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767c55343bdc01d52021-12-22 12:43:32.196root 11241100x80000000000000004018116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280fa78382f36322021-12-22 12:43:32.196root 11241100x80000000000000004018117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7eaff3307678be2021-12-22 12:43:32.196root 11241100x80000000000000004018118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f6ee798a8548b2021-12-22 12:43:32.196root 11241100x80000000000000004018119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1891ea9e445bc3ad2021-12-22 12:43:32.196root 11241100x80000000000000004018120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a806b466b6ce50022021-12-22 12:43:32.196root 11241100x80000000000000004018121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1e011c5d3931172021-12-22 12:43:32.196root 11241100x80000000000000004018122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897796330dbfe96b2021-12-22 12:43:32.197root 11241100x80000000000000004018123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e6743b4e65e422021-12-22 12:43:32.197root 11241100x80000000000000004018124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df386a6b779b7df2021-12-22 12:43:32.197root 11241100x80000000000000004018125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad969aaf7e47df2021-12-22 12:43:32.197root 11241100x80000000000000004018126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd26d6bb294f732021-12-22 12:43:32.197root 11241100x80000000000000004018127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e914db0e7e6e5d2021-12-22 12:43:32.693root 11241100x80000000000000004018128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c169ebe7096e6c2021-12-22 12:43:32.693root 11241100x80000000000000004018129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ac4312215c6ac2021-12-22 12:43:32.693root 11241100x80000000000000004018130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58bc182f8085bdb2021-12-22 12:43:32.694root 11241100x80000000000000004018131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763094e296461d1b2021-12-22 12:43:32.694root 11241100x80000000000000004018132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b9d537eb8b0b692021-12-22 12:43:32.694root 11241100x80000000000000004018133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6306d40a7d0f7ebf2021-12-22 12:43:32.694root 11241100x80000000000000004018134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef29777d0b0351062021-12-22 12:43:32.694root 11241100x80000000000000004018135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cfcdb3db931f42021-12-22 12:43:32.694root 11241100x80000000000000004018136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ad3d7061e13fd2021-12-22 12:43:32.694root 11241100x80000000000000004018137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0cf928727d55072021-12-22 12:43:32.695root 11241100x80000000000000004018138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2986d82ff1d4233d2021-12-22 12:43:32.695root 11241100x80000000000000004018139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727acd4e6fb6dbf2021-12-22 12:43:32.695root 11241100x80000000000000004018140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383201b933b3e3e2021-12-22 12:43:32.695root 11241100x80000000000000004018141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe356741bef74d102021-12-22 12:43:32.695root 11241100x80000000000000004018142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61234e8daf103faa2021-12-22 12:43:32.695root 11241100x80000000000000004018143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c38ecf78b548f92021-12-22 12:43:32.695root 11241100x80000000000000004018144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd070dbf69deb62021-12-22 12:43:32.695root 11241100x80000000000000004018145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f4f9caa196e842021-12-22 12:43:32.695root 11241100x80000000000000004018146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbbeca03c2b4cd52021-12-22 12:43:32.695root 11241100x80000000000000004018147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759a8f0053f01d52021-12-22 12:43:32.696root 11241100x80000000000000004018148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8d50d991b7b9d2021-12-22 12:43:32.696root 11241100x80000000000000004018149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c965c2b19b81212021-12-22 12:43:32.696root 11241100x80000000000000004018150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc340675b02f8512021-12-22 12:43:32.696root 11241100x80000000000000004018151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6aa749b77b708f2021-12-22 12:43:32.696root 11241100x80000000000000004018152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a48def90326c02021-12-22 12:43:32.696root 11241100x80000000000000004018153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd036e8f5524782021-12-22 12:43:32.696root 11241100x80000000000000004018154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77919e647a7298462021-12-22 12:43:32.696root 11241100x80000000000000004018155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3eeb317fb8ab8b2021-12-22 12:43:32.697root 11241100x80000000000000004018156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20052a380dd843732021-12-22 12:43:32.697root 11241100x80000000000000004018157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15ab18ac103c4f2021-12-22 12:43:32.697root 11241100x80000000000000004018158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba8d33715b3c842021-12-22 12:43:32.697root 11241100x80000000000000004018159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b284878894af2462021-12-22 12:43:32.697root 11241100x80000000000000004018160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b184bf59c3ad38262021-12-22 12:43:32.698root 11241100x80000000000000004018161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca89e04ddf338e2021-12-22 12:43:32.698root 11241100x80000000000000004018162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b756c4a7b534372021-12-22 12:43:32.698root 11241100x80000000000000004018163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852784d071cee8462021-12-22 12:43:32.698root 11241100x80000000000000004018164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f1222e639dd9f2021-12-22 12:43:32.698root 11241100x80000000000000004018165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb56c6ddd7bd1d72021-12-22 12:43:32.699root 354300x80000000000000004018166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56816-false10.0.1.12-8000- 11241100x80000000000000004018167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d514510fd945a42021-12-22 12:43:33.049root 11241100x80000000000000004018168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f869bb5e1f8a0f2021-12-22 12:43:33.049root 11241100x80000000000000004018169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8d0bb39d595322021-12-22 12:43:33.049root 11241100x80000000000000004018170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284da0251edd6852021-12-22 12:43:33.049root 11241100x80000000000000004018171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d7902b3ef2a1f2021-12-22 12:43:33.049root 11241100x80000000000000004018172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2170b97479e16242021-12-22 12:43:33.049root 11241100x80000000000000004018173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde5c84128ae79c2021-12-22 12:43:33.049root 11241100x80000000000000004018174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6df78b04a9a9ae2021-12-22 12:43:33.050root 11241100x80000000000000004018175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607540065444b17e2021-12-22 12:43:33.050root 11241100x80000000000000004018176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed87736fcaaf90672021-12-22 12:43:33.050root 11241100x80000000000000004018177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723e9093272018d02021-12-22 12:43:33.050root 11241100x80000000000000004018178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ae1d5ddc879572021-12-22 12:43:33.050root 11241100x80000000000000004018179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71a2d9bd2c144852021-12-22 12:43:33.050root 11241100x80000000000000004018180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9882f9860113512021-12-22 12:43:33.050root 11241100x80000000000000004018181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ecbf93657c190c2021-12-22 12:43:33.051root 11241100x80000000000000004018182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bf3f95321896622021-12-22 12:43:33.051root 11241100x80000000000000004018183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0c73aa56caf082021-12-22 12:43:33.051root 11241100x80000000000000004018184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faef7583df0f3112021-12-22 12:43:33.051root 11241100x80000000000000004018185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2507b555f7c3a02021-12-22 12:43:33.051root 11241100x80000000000000004018186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006fd49f81c6f46e2021-12-22 12:43:33.052root 11241100x80000000000000004018187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf08852536fda912021-12-22 12:43:33.052root 11241100x80000000000000004018188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d191c1b435b612021-12-22 12:43:33.052root 11241100x80000000000000004018189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f843df51311d65c2021-12-22 12:43:33.052root 11241100x80000000000000004018190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc00032d4d91c392021-12-22 12:43:33.052root 11241100x80000000000000004018191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0155d55886de162021-12-22 12:43:33.052root 11241100x80000000000000004018192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dc3ec60475d5e42021-12-22 12:43:33.052root 11241100x80000000000000004018193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3df9f87867be02021-12-22 12:43:33.053root 11241100x80000000000000004018194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e19a0b1dbbc2aad2021-12-22 12:43:33.053root 11241100x80000000000000004018195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7880ec548679d2021-12-22 12:43:33.053root 11241100x80000000000000004018196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ade3038385ef992021-12-22 12:43:33.053root 11241100x80000000000000004018197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3ab92506aade82021-12-22 12:43:33.053root 11241100x80000000000000004018198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f526af1a7b812e2021-12-22 12:43:33.053root 11241100x80000000000000004018199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe006fd642fa7d02021-12-22 12:43:33.053root 11241100x80000000000000004018200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93fcf7af35ba87a2021-12-22 12:43:33.053root 11241100x80000000000000004018201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8daf28d1c0563de2021-12-22 12:43:33.054root 11241100x80000000000000004018202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281de16351b3d6d2021-12-22 12:43:33.054root 11241100x80000000000000004018203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c98d1b4a77a432021-12-22 12:43:33.054root 11241100x80000000000000004018204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6d9ecbe7bccd62021-12-22 12:43:33.054root 11241100x80000000000000004018205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971f3a1520a1a372021-12-22 12:43:33.054root 11241100x80000000000000004018206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842fa11189577a9e2021-12-22 12:43:33.055root 11241100x80000000000000004018207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9abc2b8d0d9e232021-12-22 12:43:33.055root 11241100x80000000000000004018208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2d06837d9f53f2021-12-22 12:43:33.055root 11241100x80000000000000004018209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25999dffa428fa3a2021-12-22 12:43:33.055root 11241100x80000000000000004018210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94938fff7d78787b2021-12-22 12:43:33.055root 11241100x80000000000000004018211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c75272c6942c762021-12-22 12:43:33.055root 11241100x80000000000000004018212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafa17a61cfc689c2021-12-22 12:43:33.056root 11241100x80000000000000004018213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:43:33.124root 11241100x80000000000000004018214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4484d309cb528eb22021-12-22 12:43:33.443root 11241100x80000000000000004018215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fef4e8f9eaad2e2021-12-22 12:43:33.443root 11241100x80000000000000004018216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad714b6ee9de6d9e2021-12-22 12:43:33.443root 11241100x80000000000000004018217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7f57448c8822b2021-12-22 12:43:33.443root 11241100x80000000000000004018218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d0cf75b0dfb0d92021-12-22 12:43:33.443root 11241100x80000000000000004018219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8a1019332a64e62021-12-22 12:43:33.443root 11241100x80000000000000004018220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b39419af7decbc2021-12-22 12:43:33.443root 11241100x80000000000000004018221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ccb72634dde8e2021-12-22 12:43:33.444root 11241100x80000000000000004018222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e942c672358f0232021-12-22 12:43:33.444root 11241100x80000000000000004018223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a9bb8717bcb5f2021-12-22 12:43:33.444root 11241100x80000000000000004018224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959296855d09d702021-12-22 12:43:33.444root 11241100x80000000000000004018225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f585f3f23023a382021-12-22 12:43:33.444root 11241100x80000000000000004018226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0b268edc86fdd2021-12-22 12:43:33.445root 11241100x80000000000000004018227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154808db74576e472021-12-22 12:43:33.445root 11241100x80000000000000004018228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706021fc67ed51672021-12-22 12:43:33.445root 11241100x80000000000000004018229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c59d5b147d61812021-12-22 12:43:33.445root 11241100x80000000000000004018230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee74f22c37370aa42021-12-22 12:43:33.445root 11241100x80000000000000004018231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7ab7ec3c8ab652021-12-22 12:43:33.446root 11241100x80000000000000004018232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881bc822f3cf6202021-12-22 12:43:33.446root 11241100x80000000000000004018233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c738ae4169d2dfda2021-12-22 12:43:33.446root 11241100x80000000000000004018234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181711f72758ce422021-12-22 12:43:33.446root 11241100x80000000000000004018235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c00a87a7a9ccd42021-12-22 12:43:33.447root 11241100x80000000000000004018236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e83196bc9ac702021-12-22 12:43:33.447root 11241100x80000000000000004018237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff150f0ba1c44e52021-12-22 12:43:33.447root 11241100x80000000000000004018238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad088a60cb8a4752021-12-22 12:43:33.447root 11241100x80000000000000004018239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe5b1072abcd9f22021-12-22 12:43:33.447root 11241100x80000000000000004018240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370060ce88628afa2021-12-22 12:43:33.448root 11241100x80000000000000004018241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d220659f62bb52021-12-22 12:43:33.448root 11241100x80000000000000004018242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4c5133bfcda632021-12-22 12:43:33.448root 11241100x80000000000000004018243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388479bcd8fb2c72021-12-22 12:43:33.448root 11241100x80000000000000004018244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64311c0cc50445b12021-12-22 12:43:33.449root 11241100x80000000000000004018245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ce52413356c152021-12-22 12:43:33.449root 11241100x80000000000000004018246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eecc41bae6703f2021-12-22 12:43:33.449root 11241100x80000000000000004018247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc11e0e0a4ef1b32021-12-22 12:43:33.449root 11241100x80000000000000004018248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0d20f7434508a32021-12-22 12:43:33.450root 11241100x80000000000000004018249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dda47fbed744a32021-12-22 12:43:33.450root 11241100x80000000000000004018250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07029796e3c9db2021-12-22 12:43:33.450root 11241100x80000000000000004018251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c39c617f4c8b012021-12-22 12:43:33.450root 11241100x80000000000000004018252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108cdc4df8cddaf2021-12-22 12:43:33.450root 11241100x80000000000000004018253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0427217c91751f8e2021-12-22 12:43:33.943root 11241100x80000000000000004018254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c1b9feabe6b17c2021-12-22 12:43:33.943root 11241100x80000000000000004018255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336b1e5e5b2850e92021-12-22 12:43:33.944root 11241100x80000000000000004018256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb99b8b3d5436c2021-12-22 12:43:33.944root 11241100x80000000000000004018257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4e65c86cc88312021-12-22 12:43:33.944root 11241100x80000000000000004018258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03fde6437c97252021-12-22 12:43:33.945root 11241100x80000000000000004018259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b27f6e6c132aae2021-12-22 12:43:33.945root 11241100x80000000000000004018260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65727954fd5c08cc2021-12-22 12:43:33.945root 11241100x80000000000000004018261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e645c1c2b2df6b792021-12-22 12:43:33.945root 11241100x80000000000000004018262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561b13ce696d8162021-12-22 12:43:33.945root 11241100x80000000000000004018263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b921e1dc923b63ab2021-12-22 12:43:33.945root 11241100x80000000000000004018264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8280ca5d8e14a802021-12-22 12:43:33.945root 11241100x80000000000000004018265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3ece5bc7fa29d12021-12-22 12:43:33.946root 11241100x80000000000000004018266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7dd5584cc4b19f2021-12-22 12:43:33.946root 11241100x80000000000000004018267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3872fd465ea164d2021-12-22 12:43:33.946root 11241100x80000000000000004018268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b7023ddfb07572021-12-22 12:43:33.946root 11241100x80000000000000004018269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745d92ca68a33c502021-12-22 12:43:33.946root 11241100x80000000000000004018270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1aa703080a114e2021-12-22 12:43:33.946root 11241100x80000000000000004018271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b49c210b7564e42021-12-22 12:43:33.946root 11241100x80000000000000004018272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8176fd9916c90d2021-12-22 12:43:33.947root 11241100x80000000000000004018273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af01927fb762572021-12-22 12:43:33.947root 11241100x80000000000000004018274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790915b6202f1aec2021-12-22 12:43:33.947root 11241100x80000000000000004018275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d361601574c3562021-12-22 12:43:33.947root 11241100x80000000000000004018276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c60c4c4ba4a9682021-12-22 12:43:33.947root 11241100x80000000000000004018277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3786828ba1d4c2021-12-22 12:43:33.947root 11241100x80000000000000004018278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c51923b47f345582021-12-22 12:43:33.948root 11241100x80000000000000004018279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704768bb12278852021-12-22 12:43:33.948root 11241100x80000000000000004018280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a729c9336b3f52021-12-22 12:43:33.948root 11241100x80000000000000004018281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812dc8fe016f9662021-12-22 12:43:33.948root 11241100x80000000000000004018282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce68019b0a9ec382021-12-22 12:43:33.948root 11241100x80000000000000004018283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edaa8e0aae99eb2021-12-22 12:43:33.948root 11241100x80000000000000004018284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee24789defed6f42021-12-22 12:43:33.948root 11241100x80000000000000004018285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aadec15995c18122021-12-22 12:43:33.949root 11241100x80000000000000004018286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2676d7dcc860f182021-12-22 12:43:33.949root 11241100x80000000000000004018287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb4204f2b97d8ea2021-12-22 12:43:33.949root 354300x80000000000000004018288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.293{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43882-false10.0.1.12-8089- 11241100x80000000000000004018289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79818d039e645f2021-12-22 12:43:34.294root 11241100x80000000000000004018290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4930e2da715c252021-12-22 12:43:34.294root 11241100x80000000000000004018291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445bcbc25721d402021-12-22 12:43:34.294root 11241100x80000000000000004018292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd5cde9c54171b2021-12-22 12:43:34.294root 11241100x80000000000000004018293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eac5924b7b550f2021-12-22 12:43:34.294root 11241100x80000000000000004018294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45a3ba97eea56e2021-12-22 12:43:34.294root 11241100x80000000000000004018295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9560beb2179c13162021-12-22 12:43:34.294root 11241100x80000000000000004018296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0744b65b0d6a1a2021-12-22 12:43:34.294root 11241100x80000000000000004018297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e31e7342dc1342021-12-22 12:43:34.294root 11241100x80000000000000004018298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734845c3a39b22ca2021-12-22 12:43:34.294root 11241100x80000000000000004018299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faece57cbadb1ba52021-12-22 12:43:34.295root 11241100x80000000000000004018300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c644de841ad1af2021-12-22 12:43:34.295root 11241100x80000000000000004018301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c97f7ecdbc0ee72021-12-22 12:43:34.295root 11241100x80000000000000004018302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4058dbcfe7e482021-12-22 12:43:34.295root 11241100x80000000000000004018303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac88aa75a578362021-12-22 12:43:34.295root 11241100x80000000000000004018304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396bbebe4b3033602021-12-22 12:43:34.295root 11241100x80000000000000004018305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddb1dcc37242b62021-12-22 12:43:34.295root 11241100x80000000000000004018306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3cfd7d692479722021-12-22 12:43:34.295root 11241100x80000000000000004018307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82f5af7053f12912021-12-22 12:43:34.295root 11241100x80000000000000004018308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e6a01ec19b27d2021-12-22 12:43:34.295root 11241100x80000000000000004018309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0a71a599b49e22021-12-22 12:43:34.295root 11241100x80000000000000004018310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac247eadf218902021-12-22 12:43:34.295root 11241100x80000000000000004018311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5d35ede4ed8fb2021-12-22 12:43:34.295root 11241100x80000000000000004018312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582b468ee835aaf42021-12-22 12:43:34.296root 11241100x80000000000000004018313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8a482b629b7fb2021-12-22 12:43:34.296root 11241100x80000000000000004018314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf225706355b232021-12-22 12:43:34.296root 11241100x80000000000000004018315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b5c4f55a5308e2021-12-22 12:43:34.296root 11241100x80000000000000004018316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f1aa0231e7e502021-12-22 12:43:34.296root 11241100x80000000000000004018317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0feadd03b9738392021-12-22 12:43:34.296root 11241100x80000000000000004018318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34236561dc6765532021-12-22 12:43:34.296root 11241100x80000000000000004018319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b4b554cf06ba292021-12-22 12:43:34.296root 11241100x80000000000000004018320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b3f5a6af693e3b2021-12-22 12:43:34.296root 11241100x80000000000000004018321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7f687a2d38c9e2021-12-22 12:43:34.296root 11241100x80000000000000004018322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1ed955215908b72021-12-22 12:43:34.296root 11241100x80000000000000004018323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa597c283687612021-12-22 12:43:34.296root 11241100x80000000000000004018324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b67d8322391952021-12-22 12:43:34.297root 11241100x80000000000000004018325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd50fa116b6fa6b2021-12-22 12:43:34.297root 11241100x80000000000000004018326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b93c7186e65af72021-12-22 12:43:34.297root 11241100x80000000000000004018327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c57119a3665362021-12-22 12:43:34.297root 11241100x80000000000000004018328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6f7163b6617fa2021-12-22 12:43:34.297root 11241100x80000000000000004018329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d8a5927841e722021-12-22 12:43:34.297root 11241100x80000000000000004018330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738837c03470b3322021-12-22 12:43:34.297root 11241100x80000000000000004018331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fdc57a8eddb7bb2021-12-22 12:43:34.297root 11241100x80000000000000004018332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf9f342799f36d2021-12-22 12:43:34.297root 11241100x80000000000000004018333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c91e96f6395dba2021-12-22 12:43:34.297root 11241100x80000000000000004018334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5730ddb719d9972021-12-22 12:43:34.297root 11241100x80000000000000004018335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d133350aacbe3f2021-12-22 12:43:34.297root 11241100x80000000000000004018336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bc937151f46fc12021-12-22 12:43:34.297root 11241100x80000000000000004018337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43862810a852062021-12-22 12:43:34.297root 11241100x80000000000000004018338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6211ebeb98c8ac2021-12-22 12:43:34.297root 11241100x80000000000000004018339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1cf6348cd9b002021-12-22 12:43:34.297root 11241100x80000000000000004018340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a1f37d44ef85dd2021-12-22 12:43:34.298root 11241100x80000000000000004018341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c4ef75b10a588a2021-12-22 12:43:34.298root 11241100x80000000000000004018342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b83969c0f7f722021-12-22 12:43:34.299root 11241100x80000000000000004018343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d16d4aa1fa50372021-12-22 12:43:34.299root 11241100x80000000000000004018344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0837976d613fc9a2021-12-22 12:43:34.299root 11241100x80000000000000004018345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a428110ab92b0a52021-12-22 12:43:34.299root 11241100x80000000000000004018346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02abc6988fc2391e2021-12-22 12:43:34.299root 11241100x80000000000000004018347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7d09dfe02d90d2021-12-22 12:43:34.299root 11241100x80000000000000004018348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9be88944b83ded2021-12-22 12:43:34.300root 11241100x80000000000000004018349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb95115fa366b52021-12-22 12:43:34.300root 11241100x80000000000000004018350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dca812126bbb8c32021-12-22 12:43:34.300root 11241100x80000000000000004018351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6cf5a72eb6c51d2021-12-22 12:43:34.300root 11241100x80000000000000004018352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ce3b93d11dcc62021-12-22 12:43:34.300root 11241100x80000000000000004018353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3cce6965926e3c2021-12-22 12:43:34.300root 11241100x80000000000000004018354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d2141ecca6df22021-12-22 12:43:34.300root 11241100x80000000000000004018355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f5e18d7bea1562021-12-22 12:43:34.300root 11241100x80000000000000004018356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16dc96a911f31e2021-12-22 12:43:34.300root 11241100x80000000000000004018357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96be1619f76bfeae2021-12-22 12:43:34.300root 11241100x80000000000000004018358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189be8218c854ba92021-12-22 12:43:34.300root 11241100x80000000000000004018359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05d030d135b4892021-12-22 12:43:34.300root 11241100x80000000000000004018360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5befb7c620526d632021-12-22 12:43:34.301root 11241100x80000000000000004018361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021849c05b510ee2021-12-22 12:43:34.301root 11241100x80000000000000004018362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28af2b65d42527e32021-12-22 12:43:34.301root 11241100x80000000000000004018363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae73d971c5a3cf2021-12-22 12:43:34.301root 11241100x80000000000000004018364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a5a0567f1a2ff2021-12-22 12:43:34.301root 11241100x80000000000000004018365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce06376c44a81cf72021-12-22 12:43:34.301root 11241100x80000000000000004018366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145eb2463baa8b1a2021-12-22 12:43:34.302root 11241100x80000000000000004018367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db121865eaa5f632021-12-22 12:43:34.303root 11241100x80000000000000004018368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063f4d6f62a311c02021-12-22 12:43:34.303root 11241100x80000000000000004018369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd5f60647a71982021-12-22 12:43:34.303root 11241100x80000000000000004018370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8bc1be228f24952021-12-22 12:43:34.303root 11241100x80000000000000004018371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2c6e55c52ab612021-12-22 12:43:34.303root 11241100x80000000000000004018372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f4cb16580dd4f72021-12-22 12:43:34.303root 11241100x80000000000000004018373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1182dd06a3349cb72021-12-22 12:43:34.303root 11241100x80000000000000004018374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3f13fdb536f942021-12-22 12:43:34.303root 11241100x80000000000000004018375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08dac823c25404c2021-12-22 12:43:34.692root 11241100x80000000000000004018376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3547c00deefd36a62021-12-22 12:43:34.693root 11241100x80000000000000004018377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293dc4dc576a38ca2021-12-22 12:43:34.693root 11241100x80000000000000004018378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4bc00f49c589cf2021-12-22 12:43:34.693root 11241100x80000000000000004018379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d18c87090357e92021-12-22 12:43:34.694root 11241100x80000000000000004018380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ecc830c3f0d852021-12-22 12:43:34.694root 11241100x80000000000000004018381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23126a2d6b3c3eac2021-12-22 12:43:34.694root 11241100x80000000000000004018382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c6ce6557a03de2021-12-22 12:43:34.694root 11241100x80000000000000004018383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0de24397caf9012021-12-22 12:43:34.694root 11241100x80000000000000004018384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845055101bee5c62021-12-22 12:43:34.695root 11241100x80000000000000004018385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdb56cf1098a1e22021-12-22 12:43:34.695root 11241100x80000000000000004018386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469ea1b5c32d94f2021-12-22 12:43:34.695root 11241100x80000000000000004018387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf12a4c0eb0161952021-12-22 12:43:34.696root 11241100x80000000000000004018388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0acdbe1c36748bd2021-12-22 12:43:34.696root 11241100x80000000000000004018389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f3ee5de4b620a2021-12-22 12:43:34.696root 11241100x80000000000000004018390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dd04abcd6ae9332021-12-22 12:43:34.696root 11241100x80000000000000004018391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eae9634d10790a2021-12-22 12:43:34.697root 11241100x80000000000000004018392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9f608c994f9e102021-12-22 12:43:34.697root 11241100x80000000000000004018393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d9cbb8462983d2021-12-22 12:43:34.697root 11241100x80000000000000004018394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdae5f463e97c72021-12-22 12:43:34.697root 11241100x80000000000000004018395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f95732cd45aa982021-12-22 12:43:34.698root 11241100x80000000000000004018396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db4330aaad179c72021-12-22 12:43:34.698root 11241100x80000000000000004018397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca3d9ddbd8a3402021-12-22 12:43:34.698root 11241100x80000000000000004018398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcbe22d4ff37b372021-12-22 12:43:34.698root 11241100x80000000000000004018399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e608f74af9f5632021-12-22 12:43:34.699root 11241100x80000000000000004018400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebd8f6c1b4017e2021-12-22 12:43:34.699root 11241100x80000000000000004018401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725825f07440ab232021-12-22 12:43:34.699root 11241100x80000000000000004018402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafedbf13b9b1f342021-12-22 12:43:34.699root 11241100x80000000000000004018403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c967d48e57f82021-12-22 12:43:34.700root 11241100x80000000000000004018404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df6c2ee53bf5342021-12-22 12:43:34.700root 11241100x80000000000000004018405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40811027217dd32021-12-22 12:43:34.700root 11241100x80000000000000004018406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafa52014a6871d2021-12-22 12:43:34.700root 11241100x80000000000000004018407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096da4e9fce2fc1b2021-12-22 12:43:34.700root 11241100x80000000000000004018408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe81ba699b76472021-12-22 12:43:34.700root 11241100x80000000000000004018409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d50077383fa0552021-12-22 12:43:34.700root 11241100x80000000000000004018410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92670820dcc93a2021-12-22 12:43:34.700root 11241100x80000000000000004018411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad9cf39db2d0be2021-12-22 12:43:34.700root 11241100x80000000000000004018412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812b1d466c42def2021-12-22 12:43:34.701root 11241100x80000000000000004018413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b4dd9ed1df0312021-12-22 12:43:34.701root 11241100x80000000000000004018414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58952d779cac0a2e2021-12-22 12:43:34.701root 11241100x80000000000000004018415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ba3dd5c09cc5e2021-12-22 12:43:34.701root 11241100x80000000000000004018416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a159e04997a7c62021-12-22 12:43:34.701root 11241100x80000000000000004018417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02aef51b6f6ed332021-12-22 12:43:34.701root 11241100x80000000000000004018418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa340b499481d59b2021-12-22 12:43:35.193root 11241100x80000000000000004018419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7e2d4303d0fb62021-12-22 12:43:35.193root 11241100x80000000000000004018420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202969eec1991322021-12-22 12:43:35.193root 11241100x80000000000000004018421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef6bffbe8f31552021-12-22 12:43:35.193root 11241100x80000000000000004018422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a0b2751973acab2021-12-22 12:43:35.194root 11241100x80000000000000004018423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7e0c0f2093f63e2021-12-22 12:43:35.194root 11241100x80000000000000004018424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645de171c3b5ec852021-12-22 12:43:35.194root 11241100x80000000000000004018425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280975a55bc0b1a2021-12-22 12:43:35.194root 11241100x80000000000000004018426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20916b940f30722021-12-22 12:43:35.194root 11241100x80000000000000004018427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca084df455f62e52021-12-22 12:43:35.194root 11241100x80000000000000004018428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc391caf70da1a2021-12-22 12:43:35.194root 11241100x80000000000000004018429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d714565c69a1b2021-12-22 12:43:35.194root 11241100x80000000000000004018430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45d6f61889fe7cc2021-12-22 12:43:35.194root 11241100x80000000000000004018431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2c6577a25f33ad2021-12-22 12:43:35.195root 11241100x80000000000000004018432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33cec9ca10a885c2021-12-22 12:43:35.195root 11241100x80000000000000004018433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41866bd59040174b2021-12-22 12:43:35.195root 11241100x80000000000000004018434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81e7b157dcbf062021-12-22 12:43:35.195root 11241100x80000000000000004018435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae0631f091bc572021-12-22 12:43:35.195root 11241100x80000000000000004018436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8fdd984e1390c52021-12-22 12:43:35.195root 11241100x80000000000000004018437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6066d75253d6a32021-12-22 12:43:35.196root 11241100x80000000000000004018438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60333c5178d6db732021-12-22 12:43:35.196root 11241100x80000000000000004018439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708be887ee0f5e2a2021-12-22 12:43:35.196root 11241100x80000000000000004018440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572294d5ca3e13b2021-12-22 12:43:35.196root 11241100x80000000000000004018441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeef0b304326e7a2021-12-22 12:43:35.196root 11241100x80000000000000004018442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a474fdc1b5d7e30f2021-12-22 12:43:35.196root 11241100x80000000000000004018443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14db8b3106395ce2021-12-22 12:43:35.197root 11241100x80000000000000004018444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b80a5db2e29b022021-12-22 12:43:35.197root 11241100x80000000000000004018445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceaf71ec1e69ac02021-12-22 12:43:35.197root 11241100x80000000000000004018446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91f160b023f74f02021-12-22 12:43:35.198root 11241100x80000000000000004018447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af525a44e1818bac2021-12-22 12:43:35.198root 11241100x80000000000000004018448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1bf2af3229bc92021-12-22 12:43:35.198root 11241100x80000000000000004018449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703e4d14076517542021-12-22 12:43:35.198root 11241100x80000000000000004018450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd36021bef1958452021-12-22 12:43:35.198root 11241100x80000000000000004018451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609397258fb486642021-12-22 12:43:35.198root 11241100x80000000000000004018452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a13c5a9635c35c2021-12-22 12:43:35.199root 11241100x80000000000000004018453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915d2a41c531b852021-12-22 12:43:35.199root 11241100x80000000000000004018454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4259be029a5b67d2021-12-22 12:43:35.693root 11241100x80000000000000004018455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360efaf9c07088cf2021-12-22 12:43:35.693root 11241100x80000000000000004018456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a648445f6130e2021-12-22 12:43:35.694root 11241100x80000000000000004018457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3113d8d52ffad82021-12-22 12:43:35.694root 11241100x80000000000000004018458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e07b32ef2b8dd2021-12-22 12:43:35.694root 11241100x80000000000000004018459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c2995e5ba2f9c22021-12-22 12:43:35.694root 11241100x80000000000000004018460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135a9c86c0ab7882021-12-22 12:43:35.694root 11241100x80000000000000004018461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcfbd607139ac022021-12-22 12:43:35.695root 11241100x80000000000000004018462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa47ffd2ff7e5a82021-12-22 12:43:35.695root 11241100x80000000000000004018463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717159813c43e36c2021-12-22 12:43:35.695root 11241100x80000000000000004018464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff82341663f5cbb2021-12-22 12:43:35.695root 11241100x80000000000000004018465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e8cc842930e682021-12-22 12:43:35.695root 11241100x80000000000000004018466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ccc372c51830e2021-12-22 12:43:35.695root 11241100x80000000000000004018467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9862351fbb0b542021-12-22 12:43:35.695root 11241100x80000000000000004018468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41ee2c21971bc12021-12-22 12:43:35.696root 11241100x80000000000000004018469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709197238ec4ebc92021-12-22 12:43:35.696root 11241100x80000000000000004018470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18a0d67f4e07622021-12-22 12:43:35.696root 11241100x80000000000000004018471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e0780461b92f52021-12-22 12:43:35.696root 11241100x80000000000000004018472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809824a5dab456232021-12-22 12:43:35.696root 11241100x80000000000000004018473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374bf40f621b8c52021-12-22 12:43:35.696root 11241100x80000000000000004018474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48378798f5f99b92021-12-22 12:43:35.696root 11241100x80000000000000004018475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dc3a91720bbdc52021-12-22 12:43:35.696root 11241100x80000000000000004018476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfe69650a8501642021-12-22 12:43:35.696root 11241100x80000000000000004018477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3380b1130a4452021-12-22 12:43:35.697root 11241100x80000000000000004018478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ea7ea1379d31b92021-12-22 12:43:35.697root 11241100x80000000000000004018479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0638687b3ce2672021-12-22 12:43:35.697root 11241100x80000000000000004018480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c843136f8adb9d2021-12-22 12:43:35.697root 11241100x80000000000000004018481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2078498f5610bc2021-12-22 12:43:35.697root 11241100x80000000000000004018482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e15c1f2f13d3f2021-12-22 12:43:35.697root 11241100x80000000000000004018483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244bfe7c1a3038c72021-12-22 12:43:35.697root 11241100x80000000000000004018484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94831dba959f57b32021-12-22 12:43:35.697root 11241100x80000000000000004018485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2bbbb8a1b454ce2021-12-22 12:43:35.697root 11241100x80000000000000004018486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20655652350866d2021-12-22 12:43:35.697root 11241100x80000000000000004018487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0fa38d463b2f92021-12-22 12:43:35.698root 11241100x80000000000000004018488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1e8b7120f07562021-12-22 12:43:35.698root 11241100x80000000000000004018489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072880f352bac242021-12-22 12:43:35.698root 11241100x80000000000000004018490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810afe606cf3664b2021-12-22 12:43:35.698root 11241100x80000000000000004018491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10b438da777ec22021-12-22 12:43:36.193root 11241100x80000000000000004018492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04583d529ee4db0d2021-12-22 12:43:36.193root 11241100x80000000000000004018493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ddfa48629edfe12021-12-22 12:43:36.193root 11241100x80000000000000004018494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ad935d1cf07562021-12-22 12:43:36.193root 11241100x80000000000000004018495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42486598e7318e2021-12-22 12:43:36.194root 11241100x80000000000000004018496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9c7fde579b25e2021-12-22 12:43:36.194root 11241100x80000000000000004018497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0958caf4632e22021-12-22 12:43:36.194root 11241100x80000000000000004018498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f485ac0f7ba99142021-12-22 12:43:36.194root 11241100x80000000000000004018499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f457bac96c9b32021-12-22 12:43:36.194root 11241100x80000000000000004018500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b88ab0879f2255c2021-12-22 12:43:36.194root 11241100x80000000000000004018501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113a2633415cec42021-12-22 12:43:36.194root 11241100x80000000000000004018502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4caacd8c4bd7752021-12-22 12:43:36.194root 11241100x80000000000000004018503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101b5bd83a76dba2021-12-22 12:43:36.194root 11241100x80000000000000004018504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0d032dd121a0c2021-12-22 12:43:36.194root 11241100x80000000000000004018505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961219b829393c42021-12-22 12:43:36.195root 11241100x80000000000000004018506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a7317522c09812021-12-22 12:43:36.195root 11241100x80000000000000004018507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe753c47c36a362b2021-12-22 12:43:36.195root 11241100x80000000000000004018508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726217131da7d642021-12-22 12:43:36.195root 11241100x80000000000000004018509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8825c2c0d77c0de2021-12-22 12:43:36.195root 11241100x80000000000000004018510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13af86b3293a67e2021-12-22 12:43:36.195root 11241100x80000000000000004018511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b6b01667cda7212021-12-22 12:43:36.195root 11241100x80000000000000004018512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb22a76c8b041f62021-12-22 12:43:36.195root 11241100x80000000000000004018513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8b08173a4b3332021-12-22 12:43:36.196root 11241100x80000000000000004018514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041adb7f7c2b00032021-12-22 12:43:36.196root 11241100x80000000000000004018515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c60bbf2aa22db2021-12-22 12:43:36.196root 11241100x80000000000000004018516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2848c7cd4c42fe2021-12-22 12:43:36.196root 11241100x80000000000000004018517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c917b7cf591206c2021-12-22 12:43:36.196root 11241100x80000000000000004018518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf798232ebeca11e2021-12-22 12:43:36.196root 11241100x80000000000000004018519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b4756901a684b52021-12-22 12:43:36.196root 11241100x80000000000000004018520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126d0581e1bfa902021-12-22 12:43:36.196root 11241100x80000000000000004018521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fdff6fda02e4d12021-12-22 12:43:36.196root 11241100x80000000000000004018522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa084250fef786f82021-12-22 12:43:36.196root 11241100x80000000000000004018523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aae84272ef5f9e2021-12-22 12:43:36.196root 11241100x80000000000000004018524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884ad0285a734ac12021-12-22 12:43:36.197root 11241100x80000000000000004018525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d52c7f8df2a1d2021-12-22 12:43:36.197root 11241100x80000000000000004018526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153424e2e6c6cbd2021-12-22 12:43:36.197root 11241100x80000000000000004018527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e94a4314b6da2882021-12-22 12:43:36.692root 11241100x80000000000000004018528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d104a48f52d4b22021-12-22 12:43:36.693root 11241100x80000000000000004018529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428a56153db61a02021-12-22 12:43:36.693root 11241100x80000000000000004018530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2886bf389a552b42021-12-22 12:43:36.693root 11241100x80000000000000004018531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817162559af067b92021-12-22 12:43:36.693root 11241100x80000000000000004018532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff94fe89fce2dba2021-12-22 12:43:36.693root 11241100x80000000000000004018533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a61a4ce1ff8c502021-12-22 12:43:36.693root 11241100x80000000000000004018534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196020964e73a4e2021-12-22 12:43:36.693root 11241100x80000000000000004018535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a8308674d90bbf2021-12-22 12:43:36.694root 11241100x80000000000000004018536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e91314615c579262021-12-22 12:43:36.694root 11241100x80000000000000004018537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55c23bf139cd1a2021-12-22 12:43:36.694root 11241100x80000000000000004018538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6435b185aba6d162021-12-22 12:43:36.694root 11241100x80000000000000004018539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4979994b1378e2021-12-22 12:43:36.694root 11241100x80000000000000004018540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398c94648b3693d2021-12-22 12:43:36.694root 11241100x80000000000000004018541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a78f7f2a8641a82021-12-22 12:43:36.694root 11241100x80000000000000004018542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732958b21ca4cb8a2021-12-22 12:43:36.695root 11241100x80000000000000004018543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715bc890d879df0f2021-12-22 12:43:36.695root 11241100x80000000000000004018544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d499ca46ad9ceb52021-12-22 12:43:36.695root 11241100x80000000000000004018545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fde2d5788c119002021-12-22 12:43:36.695root 11241100x80000000000000004018546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57156472d9945d912021-12-22 12:43:36.695root 11241100x80000000000000004018547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad643e913817c59f2021-12-22 12:43:36.695root 11241100x80000000000000004018548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1ea7c39f6d3c22021-12-22 12:43:36.695root 11241100x80000000000000004018549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46143f5976b741ec2021-12-22 12:43:36.696root 11241100x80000000000000004018550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80db0e5d28284292021-12-22 12:43:36.696root 11241100x80000000000000004018551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a00e434cb8acd2021-12-22 12:43:36.697root 11241100x80000000000000004018552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd5a2165ed280522021-12-22 12:43:36.697root 11241100x80000000000000004018553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5418788c5a3e6faa2021-12-22 12:43:36.697root 11241100x80000000000000004018554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bdfc13516401132021-12-22 12:43:36.698root 11241100x80000000000000004018555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8606f7b264919002021-12-22 12:43:36.698root 11241100x80000000000000004018556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e97ec907c3cab72021-12-22 12:43:36.698root 11241100x80000000000000004018557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb211a4f203edb0b2021-12-22 12:43:36.698root 11241100x80000000000000004018558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33c4c753d2d0772021-12-22 12:43:36.698root 11241100x80000000000000004018559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed89af925be58e2021-12-22 12:43:36.698root 11241100x80000000000000004018560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f6293553ca7f212021-12-22 12:43:36.698root 11241100x80000000000000004018561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1f438276b948b72021-12-22 12:43:36.699root 11241100x80000000000000004018562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dc57559f4f8ed12021-12-22 12:43:36.699root 11241100x80000000000000004018563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cad1c8b3b9c1f62021-12-22 12:43:36.699root 11241100x80000000000000004018564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4e9cc9f45c298e2021-12-22 12:43:36.699root 11241100x80000000000000004018565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb4da5e3b8ba792021-12-22 12:43:36.699root 11241100x80000000000000004018566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66de44f43559889a2021-12-22 12:43:36.699root 11241100x80000000000000004018567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c3c70454936b72021-12-22 12:43:36.699root 11241100x80000000000000004018568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d6f2dd0b457452021-12-22 12:43:36.699root 11241100x80000000000000004018569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548899c9143f4c742021-12-22 12:43:37.192root 11241100x80000000000000004018570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b040af47e9e055d92021-12-22 12:43:37.193root 11241100x80000000000000004018571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc59e3d82ba818082021-12-22 12:43:37.193root 11241100x80000000000000004018572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed494041761dc8682021-12-22 12:43:37.194root 11241100x80000000000000004018573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72b503e4a4bbd22021-12-22 12:43:37.194root 11241100x80000000000000004018574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9380642cf12467a72021-12-22 12:43:37.195root 11241100x80000000000000004018575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f91b1a8b18d052021-12-22 12:43:37.195root 11241100x80000000000000004018576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5b6abb15439bbb2021-12-22 12:43:37.195root 11241100x80000000000000004018577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd08cd9f0fb5f3c2021-12-22 12:43:37.196root 11241100x80000000000000004018578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c0881c815ca75c2021-12-22 12:43:37.196root 11241100x80000000000000004018579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d5d4a57dacec52021-12-22 12:43:37.196root 11241100x80000000000000004018580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0292ae9eb0158a4d2021-12-22 12:43:37.197root 11241100x80000000000000004018581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c13adc16118b7442021-12-22 12:43:37.197root 11241100x80000000000000004018582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb91d14ec4a5bb62021-12-22 12:43:37.197root 11241100x80000000000000004018583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ea54bb407bf542021-12-22 12:43:37.197root 11241100x80000000000000004018584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba9cef087226b92021-12-22 12:43:37.198root 11241100x80000000000000004018585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f56fbcfac844a2021-12-22 12:43:37.198root 11241100x80000000000000004018586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db79bb9fa7d4752021-12-22 12:43:37.198root 11241100x80000000000000004018587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06aeec8b0f0e1492021-12-22 12:43:37.198root 11241100x80000000000000004018588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632561adb89107b22021-12-22 12:43:37.198root 11241100x80000000000000004018589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f0166cc4d94c82021-12-22 12:43:37.198root 11241100x80000000000000004018590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704974746a90e5e2021-12-22 12:43:37.199root 11241100x80000000000000004018591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ae1b8352868cc62021-12-22 12:43:37.199root 11241100x80000000000000004018592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107406c5efd5de82021-12-22 12:43:37.199root 11241100x80000000000000004018593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1678a64172e866e22021-12-22 12:43:37.199root 11241100x80000000000000004018594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcf92a6156ebbf2021-12-22 12:43:37.199root 11241100x80000000000000004018595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd88a897d7dac6e22021-12-22 12:43:37.199root 11241100x80000000000000004018596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2cb94f9ee75972021-12-22 12:43:37.199root 11241100x80000000000000004018597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6da154b7f130922021-12-22 12:43:37.200root 11241100x80000000000000004018598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ebb5985963281f2021-12-22 12:43:37.200root 11241100x80000000000000004018599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af433fbee49b3f042021-12-22 12:43:37.200root 11241100x80000000000000004018600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5748521937e4872021-12-22 12:43:37.200root 11241100x80000000000000004018601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe500dfedc8a512021-12-22 12:43:37.200root 11241100x80000000000000004018602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf43d386fe64e8a82021-12-22 12:43:37.200root 11241100x80000000000000004018603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efaeb8f4355c2222021-12-22 12:43:37.200root 11241100x80000000000000004018604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac92bfa650f9cb2021-12-22 12:43:37.200root 11241100x80000000000000004018605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cf4ef11ff3db382021-12-22 12:43:37.200root 11241100x80000000000000004018606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41aaa1ce05a15552021-12-22 12:43:37.201root 11241100x80000000000000004018607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf1310d9b7018b2021-12-22 12:43:37.201root 11241100x80000000000000004018608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e0ca9ae48d93ec2021-12-22 12:43:37.693root 11241100x80000000000000004018609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e494c773bb2a5e2021-12-22 12:43:37.693root 11241100x80000000000000004018610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35668d5b90d2a5d2021-12-22 12:43:37.693root 11241100x80000000000000004018611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ef5b8c79911692021-12-22 12:43:37.693root 11241100x80000000000000004018612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47a6842f100a652021-12-22 12:43:37.694root 11241100x80000000000000004018613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858de5f4dc6e9172021-12-22 12:43:37.694root 11241100x80000000000000004018614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c08d9891635dbc2021-12-22 12:43:37.694root 11241100x80000000000000004018615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b8eac8ba1a373a2021-12-22 12:43:37.694root 11241100x80000000000000004018616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9903088db6cb502021-12-22 12:43:37.694root 11241100x80000000000000004018617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5074e04c30d406f82021-12-22 12:43:37.694root 11241100x80000000000000004018618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a93e30ee99b95ae2021-12-22 12:43:37.694root 11241100x80000000000000004018619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd7765cd658223a2021-12-22 12:43:37.695root 11241100x80000000000000004018620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b526a6725a7a65d82021-12-22 12:43:37.695root 11241100x80000000000000004018621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5614404eb14b0a912021-12-22 12:43:37.695root 11241100x80000000000000004018622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45910821a6232a382021-12-22 12:43:37.695root 11241100x80000000000000004018623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae86778c4415cb22021-12-22 12:43:37.695root 11241100x80000000000000004018624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9687d7065b7f03ae2021-12-22 12:43:37.695root 11241100x80000000000000004018625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aedf4f8d73b62aa2021-12-22 12:43:37.696root 11241100x80000000000000004018626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b535c3d15be4d3412021-12-22 12:43:37.696root 11241100x80000000000000004018627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932b0f55709eae52021-12-22 12:43:37.696root 11241100x80000000000000004018628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092ed4f0adec46a72021-12-22 12:43:37.696root 11241100x80000000000000004018629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3502886646dbf15d2021-12-22 12:43:37.696root 11241100x80000000000000004018630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06dc35079625992021-12-22 12:43:37.697root 11241100x80000000000000004018631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5471fcadb8e98232021-12-22 12:43:37.697root 11241100x80000000000000004018632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b27b75fdb2e362021-12-22 12:43:37.697root 11241100x80000000000000004018633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbc7265efac6bce2021-12-22 12:43:37.697root 11241100x80000000000000004018634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e764e3469957d1382021-12-22 12:43:37.697root 11241100x80000000000000004018635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79995790311a812021-12-22 12:43:37.697root 11241100x80000000000000004018636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e282b8d0b3d5442021-12-22 12:43:37.698root 11241100x80000000000000004018637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789766ca3b95ead32021-12-22 12:43:37.698root 11241100x80000000000000004018638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4db4f6a027137062021-12-22 12:43:37.698root 11241100x80000000000000004018639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33387e2115fe09da2021-12-22 12:43:37.698root 11241100x80000000000000004018640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b97efc538beb622021-12-22 12:43:37.698root 11241100x80000000000000004018641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af98ade78501c2ab2021-12-22 12:43:37.699root 11241100x80000000000000004018642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee81dbdc0ed0aee2021-12-22 12:43:37.699root 11241100x80000000000000004018643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfdef714f8910da2021-12-22 12:43:37.699root 11241100x80000000000000004018644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf57dff17579022021-12-22 12:43:37.699root 11241100x80000000000000004018645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25455db4cb54af282021-12-22 12:43:37.699root 11241100x80000000000000004018646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a3640ef081b4352021-12-22 12:43:37.699root 11241100x80000000000000004018647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c187071f1873392021-12-22 12:43:37.699root 11241100x80000000000000004018648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba16752eef867eea2021-12-22 12:43:37.700root 11241100x80000000000000004018649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e2a8e6398302a2021-12-22 12:43:37.700root 11241100x80000000000000004018650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c0818ef3f01c92021-12-22 12:43:37.700root 11241100x80000000000000004018651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca3567a9dc92962021-12-22 12:43:37.700root 11241100x80000000000000004018652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012d7bc53091e6772021-12-22 12:43:37.700root 11241100x80000000000000004018653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c332b008ba7f3a582021-12-22 12:43:37.701root 11241100x80000000000000004018654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ec7c9af6cdc402021-12-22 12:43:37.701root 354300x80000000000000004018655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.081{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56820-false10.0.1.12-8000- 11241100x80000000000000004018656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b831ac94b71e24e32021-12-22 12:43:38.082root 11241100x80000000000000004018657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8add882e80dfb512021-12-22 12:43:38.082root 11241100x80000000000000004018658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff0196feb0a1972021-12-22 12:43:38.082root 11241100x80000000000000004018659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1c4d47ca652522021-12-22 12:43:38.082root 11241100x80000000000000004018660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba320d0d0ed7e4be2021-12-22 12:43:38.082root 11241100x80000000000000004018661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6014c1599dc903d22021-12-22 12:43:38.083root 11241100x80000000000000004018662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b2e0845adfce412021-12-22 12:43:38.083root 11241100x80000000000000004018663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dfa15038b3464c2021-12-22 12:43:38.083root 11241100x80000000000000004018664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6078e1298ff11d052021-12-22 12:43:38.083root 11241100x80000000000000004018665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb96d366853a0c9e2021-12-22 12:43:38.083root 11241100x80000000000000004018666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddbb1cb8f9d09bb2021-12-22 12:43:38.083root 11241100x80000000000000004018667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e27f46300057482021-12-22 12:43:38.083root 11241100x80000000000000004018668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354659e767c722812021-12-22 12:43:38.083root 11241100x80000000000000004018669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d4a5335ab958fb2021-12-22 12:43:38.083root 11241100x80000000000000004018670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db31be5de5a13442021-12-22 12:43:38.083root 11241100x80000000000000004018671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64caab98d7403f402021-12-22 12:43:38.084root 11241100x80000000000000004018672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d063d03970c9252021-12-22 12:43:38.084root 11241100x80000000000000004018673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0366a0edd2f50c02021-12-22 12:43:38.084root 11241100x80000000000000004018674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523c60e2c7d77c92021-12-22 12:43:38.084root 11241100x80000000000000004018675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78688ac5c0c41d672021-12-22 12:43:38.084root 11241100x80000000000000004018676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabd928b9c8c1cbf2021-12-22 12:43:38.084root 11241100x80000000000000004018677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5367d1b5319fb532021-12-22 12:43:38.084root 11241100x80000000000000004018678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb5b926b538a282021-12-22 12:43:38.084root 11241100x80000000000000004018679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59346bff715e690b2021-12-22 12:43:38.084root 11241100x80000000000000004018680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18541d8d241f642f2021-12-22 12:43:38.084root 11241100x80000000000000004018681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508f8eea8d57cec2021-12-22 12:43:38.085root 11241100x80000000000000004018682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094e45ac7a83bb322021-12-22 12:43:38.085root 11241100x80000000000000004018683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b48f6971a3e12db2021-12-22 12:43:38.085root 11241100x80000000000000004018684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42d22a30c11a7292021-12-22 12:43:38.085root 11241100x80000000000000004018685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9937e572af31012021-12-22 12:43:38.085root 11241100x80000000000000004018686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4128a68b8811dc6c2021-12-22 12:43:38.085root 11241100x80000000000000004018687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e940e42db36bcf2021-12-22 12:43:38.085root 11241100x80000000000000004018688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465de35471aa7812021-12-22 12:43:38.086root 11241100x80000000000000004018689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae27fa5974b598082021-12-22 12:43:38.086root 11241100x80000000000000004018690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b3114d92cd03ec2021-12-22 12:43:38.086root 11241100x80000000000000004018691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a05e0c8b9ecc082021-12-22 12:43:38.086root 11241100x80000000000000004018692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1958272dac88f3642021-12-22 12:43:38.086root 11241100x80000000000000004018693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedca6e3df5d15a52021-12-22 12:43:38.086root 11241100x80000000000000004018694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e05c1e60005e72021-12-22 12:43:38.086root 11241100x80000000000000004018695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90519e9043ba312021-12-22 12:43:38.086root 11241100x80000000000000004018696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97533742ea04cf852021-12-22 12:43:38.086root 11241100x80000000000000004018697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc3dc4ba0aa234c2021-12-22 12:43:38.087root 11241100x80000000000000004018698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5bcec2e3a610602021-12-22 12:43:38.087root 11241100x80000000000000004018699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bbad76623b40c22021-12-22 12:43:38.087root 11241100x80000000000000004018700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab8c3308a64d622021-12-22 12:43:38.087root 11241100x80000000000000004018701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1af460b6dac49bd2021-12-22 12:43:38.087root 11241100x80000000000000004018702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e5e720b650013d2021-12-22 12:43:38.443root 11241100x80000000000000004018703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5e185356020462021-12-22 12:43:38.443root 11241100x80000000000000004018704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb3526cc746488e2021-12-22 12:43:38.443root 11241100x80000000000000004018705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5351a815b10041732021-12-22 12:43:38.444root 11241100x80000000000000004018706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499051338dd69f92021-12-22 12:43:38.444root 11241100x80000000000000004018707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ea62809df79f522021-12-22 12:43:38.444root 11241100x80000000000000004018708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64a8582c54fe3122021-12-22 12:43:38.445root 11241100x80000000000000004018709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f66333ae535c972021-12-22 12:43:38.447root 11241100x80000000000000004018710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9407704da0e8f90d2021-12-22 12:43:38.447root 11241100x80000000000000004018711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c59783855436682021-12-22 12:43:38.447root 11241100x80000000000000004018712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a5b93dffcf9a832021-12-22 12:43:38.447root 11241100x80000000000000004018713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bc8cc9411f25be2021-12-22 12:43:38.447root 11241100x80000000000000004018714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087b00c3e490f1892021-12-22 12:43:38.447root 11241100x80000000000000004018715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b629bcb0a66722021-12-22 12:43:38.447root 11241100x80000000000000004018716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5322cf1f3603fe262021-12-22 12:43:38.447root 11241100x80000000000000004018717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc41c7d3ead690512021-12-22 12:43:38.448root 11241100x80000000000000004018718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6efc78ba591402021-12-22 12:43:38.448root 11241100x80000000000000004018719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465e73e1b59797a2021-12-22 12:43:38.448root 11241100x80000000000000004018720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4888b365847e04d2021-12-22 12:43:38.448root 11241100x80000000000000004018721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ff080979f21e262021-12-22 12:43:38.448root 11241100x80000000000000004018722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3b2d62dc7d4bc2021-12-22 12:43:38.449root 11241100x80000000000000004018723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db230a89d6c735f2021-12-22 12:43:38.449root 11241100x80000000000000004018724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d03092ed522112021-12-22 12:43:38.449root 11241100x80000000000000004018725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a228d54107623582021-12-22 12:43:38.449root 11241100x80000000000000004018726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebd3b95f690bb8a2021-12-22 12:43:38.449root 11241100x80000000000000004018727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dcfe6bdbea5b452021-12-22 12:43:38.449root 11241100x80000000000000004018728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b7f76728fcf4302021-12-22 12:43:38.449root 11241100x80000000000000004018729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7baed51174ee16d2021-12-22 12:43:38.449root 11241100x80000000000000004018730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9751a86cd3ff9c172021-12-22 12:43:38.449root 11241100x80000000000000004018731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d1e3cbad911c32021-12-22 12:43:38.450root 11241100x80000000000000004018732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837d759f1b76b5692021-12-22 12:43:38.450root 11241100x80000000000000004018733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f179c52cbdf34342021-12-22 12:43:38.450root 11241100x80000000000000004018734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9611f21a9086ba8b2021-12-22 12:43:38.450root 11241100x80000000000000004018735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c726ba584d717692021-12-22 12:43:38.450root 11241100x80000000000000004018736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860698985d6b85222021-12-22 12:43:38.450root 11241100x80000000000000004018737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125addc4b9fbe782021-12-22 12:43:38.450root 11241100x80000000000000004018738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12913a3ed678b3632021-12-22 12:43:38.450root 11241100x80000000000000004018739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3334b847269cd2a2021-12-22 12:43:38.450root 11241100x80000000000000004018740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cee5455acf2d892021-12-22 12:43:38.450root 11241100x80000000000000004018741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123fc173edf6b2c92021-12-22 12:43:38.451root 11241100x80000000000000004018742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581ee38f306c5f52021-12-22 12:43:38.451root 11241100x80000000000000004018743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6ab86e4ae4c67a2021-12-22 12:43:38.451root 11241100x80000000000000004018744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15c1b9d9a145de2021-12-22 12:43:38.451root 11241100x80000000000000004018745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ec57e2ac4be032021-12-22 12:43:38.451root 11241100x80000000000000004018746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9185158b6580d5d42021-12-22 12:43:38.943root 11241100x80000000000000004018747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b9ce8eac282342021-12-22 12:43:38.943root 11241100x80000000000000004018748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3258d16276c4cac52021-12-22 12:43:38.943root 11241100x80000000000000004018749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f2eba11c6902242021-12-22 12:43:38.943root 11241100x80000000000000004018750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc165d03f23ad9972021-12-22 12:43:38.943root 11241100x80000000000000004018751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c2cbd5b115e6b32021-12-22 12:43:38.943root 11241100x80000000000000004018752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b804b9b9ccb474f2021-12-22 12:43:38.943root 11241100x80000000000000004018753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a079ef3875323ac02021-12-22 12:43:38.943root 11241100x80000000000000004018754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1f958d2d6519f2021-12-22 12:43:38.943root 11241100x80000000000000004018755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecdba4627318bac2021-12-22 12:43:38.944root 11241100x80000000000000004018756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4522a37f4f12d12021-12-22 12:43:38.944root 11241100x80000000000000004018757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9495e293e3ea69d2021-12-22 12:43:38.944root 11241100x80000000000000004018758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74920709db3ecde12021-12-22 12:43:38.944root 11241100x80000000000000004018759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e53592e74b6e9b2021-12-22 12:43:38.944root 11241100x80000000000000004018760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731be903ef640f32021-12-22 12:43:38.944root 11241100x80000000000000004018761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c90d9af6d6b85d2021-12-22 12:43:38.944root 11241100x80000000000000004018762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94334a69f9035c472021-12-22 12:43:38.945root 11241100x80000000000000004018763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba7c96dff4f1222021-12-22 12:43:38.945root 11241100x80000000000000004018764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf131802596d567d2021-12-22 12:43:38.945root 11241100x80000000000000004018765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ff6ed77e29e592021-12-22 12:43:38.945root 11241100x80000000000000004018766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1e755129e32812021-12-22 12:43:38.945root 11241100x80000000000000004018767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0be6bcd70843d82021-12-22 12:43:38.946root 11241100x80000000000000004018768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c3fa021dda80e32021-12-22 12:43:38.946root 11241100x80000000000000004018769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8112a48d8b32853b2021-12-22 12:43:38.946root 11241100x80000000000000004018770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a919f53921c872021-12-22 12:43:38.946root 11241100x80000000000000004018771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec636efb166b8c7a2021-12-22 12:43:38.946root 11241100x80000000000000004018772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53156504da3fa532021-12-22 12:43:38.946root 11241100x80000000000000004018773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9301a89a859e92021-12-22 12:43:38.946root 11241100x80000000000000004018774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3647bae5d5f86e2021-12-22 12:43:38.946root 11241100x80000000000000004018775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3568e5da17e6b82021-12-22 12:43:38.947root 11241100x80000000000000004018776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291c2c40da363bd2021-12-22 12:43:38.947root 11241100x80000000000000004018777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ffedc23764b6432021-12-22 12:43:38.947root 11241100x80000000000000004018778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66824f7ae8d5786d2021-12-22 12:43:38.947root 11241100x80000000000000004018779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801ed160983f9632021-12-22 12:43:38.947root 11241100x80000000000000004018780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b79ba1c5ee06532021-12-22 12:43:38.947root 11241100x80000000000000004018781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7a2da72b9f3ff2021-12-22 12:43:38.947root 11241100x80000000000000004018782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1264fbb172985302021-12-22 12:43:38.947root 11241100x80000000000000004018783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93073b00c1cdf3332021-12-22 12:43:38.947root 11241100x80000000000000004018784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b6cc44d544dd0f2021-12-22 12:43:38.948root 11241100x80000000000000004018785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c60e7dc571e9fa32021-12-22 12:43:38.948root 11241100x80000000000000004018786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad345a00b604b92021-12-22 12:43:38.948root 11241100x80000000000000004018787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b7b641619f16262021-12-22 12:43:38.948root 11241100x80000000000000004018788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2ca2d1ebdfdd652021-12-22 12:43:38.948root 11241100x80000000000000004018789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c34d2f08536b1e2021-12-22 12:43:38.948root 11241100x80000000000000004018790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d654ba37de24a12021-12-22 12:43:38.948root 11241100x80000000000000004018791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c153232119da0892021-12-22 12:43:38.948root 11241100x80000000000000004018792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6e0d20d45b34d2021-12-22 12:43:38.949root 11241100x80000000000000004018793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8500bdbacf7448382021-12-22 12:43:38.949root 11241100x80000000000000004018794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534c14f0b4f785f2021-12-22 12:43:38.949root 11241100x80000000000000004018795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f474b921497cee2021-12-22 12:43:38.949root 11241100x80000000000000004018796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941efae9ad72b9e32021-12-22 12:43:38.949root 11241100x80000000000000004018797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd332a0a456dc392021-12-22 12:43:38.949root 11241100x80000000000000004018798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ba30d7de813f12021-12-22 12:43:38.949root 11241100x80000000000000004018799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e56b104275ac052021-12-22 12:43:38.950root 11241100x80000000000000004018800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923111d5802130d2021-12-22 12:43:38.950root 23542300x80000000000000004018801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.969{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004018802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a839a36ebff5b122021-12-22 12:43:39.443root 11241100x80000000000000004018803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd754e687dd849272021-12-22 12:43:39.443root 11241100x80000000000000004018804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe7d9d344c602e82021-12-22 12:43:39.443root 11241100x80000000000000004018805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b8a0cad5f27342021-12-22 12:43:39.444root 11241100x80000000000000004018806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e16ba2df931a712021-12-22 12:43:39.444root 11241100x80000000000000004018807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aaed971b7e8ccb2021-12-22 12:43:39.444root 11241100x80000000000000004018808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fb9559aac085f72021-12-22 12:43:39.444root 11241100x80000000000000004018809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf71681b51e842e2021-12-22 12:43:39.444root 11241100x80000000000000004018810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7188b6b01963db012021-12-22 12:43:39.444root 11241100x80000000000000004018811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5872920662d5b2021-12-22 12:43:39.444root 11241100x80000000000000004018812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c3d9b9b6022b22021-12-22 12:43:39.445root 11241100x80000000000000004018813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0992e8b993ff3f2021-12-22 12:43:39.445root 11241100x80000000000000004018814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d96cea387d8efbe2021-12-22 12:43:39.445root 11241100x80000000000000004018815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22564ff2fa0cd2402021-12-22 12:43:39.445root 11241100x80000000000000004018816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40f43c76f89bfd2021-12-22 12:43:39.446root 11241100x80000000000000004018817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccdb0e3f85361e72021-12-22 12:43:39.446root 11241100x80000000000000004018818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fb925ffd70134b2021-12-22 12:43:39.446root 11241100x80000000000000004018819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8265a385624e872021-12-22 12:43:39.446root 11241100x80000000000000004018820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba81a1752c3e86912021-12-22 12:43:39.447root 11241100x80000000000000004018821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c027453764cc42021-12-22 12:43:39.447root 11241100x80000000000000004018822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a87698a2e3109e2021-12-22 12:43:39.447root 11241100x80000000000000004018823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc80c64aa8f6642021-12-22 12:43:39.448root 11241100x80000000000000004018824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be8ba23973d1a22021-12-22 12:43:39.448root 11241100x80000000000000004018825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1963b35d0b4612ce2021-12-22 12:43:39.448root 11241100x80000000000000004018826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d6fda6b3cd6f3f2021-12-22 12:43:39.448root 11241100x80000000000000004018827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbd01369e57bff62021-12-22 12:43:39.448root 11241100x80000000000000004018828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7ff5f9358841e52021-12-22 12:43:39.448root 11241100x80000000000000004018829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db265359fe6d0c7e2021-12-22 12:43:39.449root 11241100x80000000000000004018830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a642ab5cfb587f42021-12-22 12:43:39.449root 11241100x80000000000000004018831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5cdd75267b9e82021-12-22 12:43:39.449root 11241100x80000000000000004018832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be0773dfff372f2021-12-22 12:43:39.449root 11241100x80000000000000004018833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6569f295d1a6f582021-12-22 12:43:39.449root 11241100x80000000000000004018834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e4fd61cfffa6e02021-12-22 12:43:39.449root 11241100x80000000000000004018835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6b814857646862021-12-22 12:43:39.449root 11241100x80000000000000004018836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d900fb640bec3d982021-12-22 12:43:39.449root 11241100x80000000000000004018837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5846b28e89da5a2021-12-22 12:43:39.450root 11241100x80000000000000004018838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cab23e8350fa042021-12-22 12:43:39.450root 11241100x80000000000000004018839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc70bfb59260d6a2021-12-22 12:43:39.450root 11241100x80000000000000004018840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56675e99473a52f92021-12-22 12:43:39.450root 11241100x80000000000000004018841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384ba4371e782c342021-12-22 12:43:39.451root 11241100x80000000000000004018842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16505d5280df08932021-12-22 12:43:39.451root 11241100x80000000000000004018843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe974eff51add8262021-12-22 12:43:39.451root 11241100x80000000000000004018844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25194c58b72e83152021-12-22 12:43:39.451root 11241100x80000000000000004018845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be74cbaa55c63f5d2021-12-22 12:43:39.452root 11241100x80000000000000004018846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72cdaee7e95c322021-12-22 12:43:39.452root 11241100x80000000000000004018847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0889c701e9909e592021-12-22 12:43:39.452root 11241100x80000000000000004018848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160fe0655a4e1cbf2021-12-22 12:43:39.452root 11241100x80000000000000004018849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2911c30f149a40c2021-12-22 12:43:39.453root 11241100x80000000000000004018850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0efc42e08ad695b2021-12-22 12:43:39.453root 11241100x80000000000000004018851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850bad8245bbaa842021-12-22 12:43:39.453root 11241100x80000000000000004018852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca52b53fd23cf6202021-12-22 12:43:39.453root 11241100x80000000000000004018853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a313aa3eddfefba2021-12-22 12:43:39.454root 11241100x80000000000000004018854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033f2a1c0ca701f2021-12-22 12:43:39.943root 11241100x80000000000000004018855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a9d5e3302de8d2021-12-22 12:43:39.943root 11241100x80000000000000004018856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea69bf1977a07c2021-12-22 12:43:39.943root 11241100x80000000000000004018857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdea27619e841532021-12-22 12:43:39.944root 11241100x80000000000000004018858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139cfac91152b0532021-12-22 12:43:39.944root 11241100x80000000000000004018859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5525bec478f8a0f2021-12-22 12:43:39.944root 11241100x80000000000000004018860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cba8c0029f57d2e2021-12-22 12:43:39.944root 11241100x80000000000000004018861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81423bbcaa0f77e2021-12-22 12:43:39.944root 11241100x80000000000000004018862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ac38a08c45e472021-12-22 12:43:39.944root 11241100x80000000000000004018863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f073130b9c9a82021-12-22 12:43:39.944root 11241100x80000000000000004018864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ef74ddb723cf92021-12-22 12:43:39.944root 11241100x80000000000000004018865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130485e8f52056822021-12-22 12:43:39.945root 11241100x80000000000000004018866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db2c66c837fa482021-12-22 12:43:39.945root 11241100x80000000000000004018867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad21c4dac5746a2021-12-22 12:43:39.945root 11241100x80000000000000004018868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490962ce54c52be92021-12-22 12:43:39.945root 11241100x80000000000000004018869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab3d0596b665512021-12-22 12:43:39.945root 11241100x80000000000000004018870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb754465245b4382021-12-22 12:43:39.945root 11241100x80000000000000004018871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f60abec74725182021-12-22 12:43:39.945root 11241100x80000000000000004018872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bff3261ef27da962021-12-22 12:43:39.946root 11241100x80000000000000004018873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f145fdc859212062021-12-22 12:43:39.946root 11241100x80000000000000004018874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55beecd0a5bd5c972021-12-22 12:43:39.946root 11241100x80000000000000004018875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783f9a86781803f2021-12-22 12:43:39.946root 11241100x80000000000000004018876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769598b8cd4fb042021-12-22 12:43:39.946root 11241100x80000000000000004018877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e431588f91dcde2021-12-22 12:43:39.946root 11241100x80000000000000004018878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7066b3ad2b7d62df2021-12-22 12:43:39.947root 11241100x80000000000000004018879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93345144f60b6f212021-12-22 12:43:39.947root 11241100x80000000000000004018880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8565542c57e9c23f2021-12-22 12:43:39.947root 11241100x80000000000000004018881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49c82e504e222932021-12-22 12:43:39.947root 11241100x80000000000000004018882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc96537a90dcf52021-12-22 12:43:39.947root 11241100x80000000000000004018883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e34042d81dd3f2021-12-22 12:43:39.947root 11241100x80000000000000004018884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2697ddca769e51e2021-12-22 12:43:39.947root 11241100x80000000000000004018885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50c653eb6ab7052021-12-22 12:43:39.947root 11241100x80000000000000004018886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25606c5d4a95ceb92021-12-22 12:43:39.947root 11241100x80000000000000004018887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede7193b67194192021-12-22 12:43:39.948root 11241100x80000000000000004018888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6c22647c06ae92021-12-22 12:43:39.948root 11241100x80000000000000004018889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba6c19e8c2abda2021-12-22 12:43:39.948root 11241100x80000000000000004018890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44e79a9c4346fdb2021-12-22 12:43:39.948root 11241100x80000000000000004018891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16098f1f856433552021-12-22 12:43:39.948root 11241100x80000000000000004018892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fec5de44b0f8de42021-12-22 12:43:39.948root 11241100x80000000000000004018893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200994ffe54cee302021-12-22 12:43:39.949root 11241100x80000000000000004018894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c4ba1365fc14032021-12-22 12:43:39.949root 11241100x80000000000000004018895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a8b08964b255c2021-12-22 12:43:39.949root 11241100x80000000000000004018896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc48024e4ec75362021-12-22 12:43:39.949root 11241100x80000000000000004018897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c6bd313b78162021-12-22 12:43:39.949root 11241100x80000000000000004018898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6f90c370399d42021-12-22 12:43:39.949root 11241100x80000000000000004018899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7849f2a3e1f79652021-12-22 12:43:39.950root 11241100x80000000000000004018900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43190042db258ee2021-12-22 12:43:39.950root 11241100x80000000000000004018901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e898dc89825fc12021-12-22 12:43:39.950root 11241100x80000000000000004018902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f894c2d471e612021-12-22 12:43:39.950root 11241100x80000000000000004018903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5267ca33a93bef862021-12-22 12:43:39.950root 11241100x80000000000000004018904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4967b4fb7e50fed52021-12-22 12:43:39.950root 11241100x80000000000000004018905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b993c0f077ad5b2021-12-22 12:43:39.951root 11241100x80000000000000004018906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094b3d91f4efae8f2021-12-22 12:43:39.951root 11241100x80000000000000004018907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e9523e9397fe02021-12-22 12:43:39.951root 11241100x80000000000000004018908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631190f1c0f1b5b22021-12-22 12:43:40.443root 11241100x80000000000000004018909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0448967843a1a642021-12-22 12:43:40.443root 11241100x80000000000000004018910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8347b238f336cd2021-12-22 12:43:40.444root 11241100x80000000000000004018911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4408fad3c35c8c02021-12-22 12:43:40.444root 11241100x80000000000000004018912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591b900932ab2ec2021-12-22 12:43:40.445root 11241100x80000000000000004018913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b625f46e48c8c1a2021-12-22 12:43:40.445root 11241100x80000000000000004018914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a0c784f17c64c12021-12-22 12:43:40.445root 11241100x80000000000000004018915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c958c90015b96f152021-12-22 12:43:40.445root 11241100x80000000000000004018916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69156a9a938af02021-12-22 12:43:40.445root 11241100x80000000000000004018917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7744abe5016fe2021-12-22 12:43:40.445root 11241100x80000000000000004018918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d379a8c89d0e459d2021-12-22 12:43:40.445root 11241100x80000000000000004018919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd629b3cedc85092021-12-22 12:43:40.445root 11241100x80000000000000004018920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078c12ef7e14a712021-12-22 12:43:40.446root 11241100x80000000000000004018921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af5232ef7b391d42021-12-22 12:43:40.446root 11241100x80000000000000004018922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2a2c3eb14530052021-12-22 12:43:40.446root 11241100x80000000000000004018923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ebcfa06f4c3542021-12-22 12:43:40.446root 11241100x80000000000000004018924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee685a5ca0c1b42021-12-22 12:43:40.446root 11241100x80000000000000004018925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337a8fd608312992021-12-22 12:43:40.446root 11241100x80000000000000004018926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f96a19857b458c52021-12-22 12:43:40.446root 11241100x80000000000000004018927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f78ff468ea742442021-12-22 12:43:40.447root 11241100x80000000000000004018928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c95276b390adc772021-12-22 12:43:40.447root 11241100x80000000000000004018929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c7518aa5605212021-12-22 12:43:40.448root 11241100x80000000000000004018930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebe1cc9961e17462021-12-22 12:43:40.448root 11241100x80000000000000004018931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a3032f5da1d5a2021-12-22 12:43:40.448root 11241100x80000000000000004018932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc767e8a99a51fb12021-12-22 12:43:40.449root 11241100x80000000000000004018933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2a8db67a82c6f2021-12-22 12:43:40.450root 11241100x80000000000000004018934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4630d9155dafe8c42021-12-22 12:43:40.450root 11241100x80000000000000004018935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f457cf85c748e872021-12-22 12:43:40.450root 11241100x80000000000000004018936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9ac41c851119d2021-12-22 12:43:40.450root 11241100x80000000000000004018937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3facd054f65d0f2021-12-22 12:43:40.450root 11241100x80000000000000004018938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9334d6467007f61e2021-12-22 12:43:40.450root 11241100x80000000000000004018939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9565adf72c1175732021-12-22 12:43:40.450root 11241100x80000000000000004018940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ee0814adaca732021-12-22 12:43:40.450root 11241100x80000000000000004018941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3fa1162612ca072021-12-22 12:43:40.450root 11241100x80000000000000004018942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070e27e137ee4fd2021-12-22 12:43:40.451root 11241100x80000000000000004018943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0049899dcd9ef5472021-12-22 12:43:40.451root 11241100x80000000000000004018944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56ced8610526f42021-12-22 12:43:40.451root 11241100x80000000000000004018945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d8337996b718632021-12-22 12:43:40.452root 11241100x80000000000000004018946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d4976f9dc8b7102021-12-22 12:43:40.452root 11241100x80000000000000004018947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15a64f3fe2abc6c2021-12-22 12:43:40.452root 11241100x80000000000000004018948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2bf162b4fe1d02021-12-22 12:43:40.452root 11241100x80000000000000004018949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd3a62f58bc33832021-12-22 12:43:40.943root 11241100x80000000000000004018950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a700e4fed16b6a2021-12-22 12:43:40.943root 11241100x80000000000000004018951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b80c5c4c9f82a2021-12-22 12:43:40.943root 11241100x80000000000000004018952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a16f9da1d9e9d22021-12-22 12:43:40.943root 11241100x80000000000000004018953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a8ae7a8b25179e2021-12-22 12:43:40.943root 11241100x80000000000000004018954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae0a64f9cd2ea8f2021-12-22 12:43:40.943root 11241100x80000000000000004018955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb0c6fdaa6f217a2021-12-22 12:43:40.943root 11241100x80000000000000004018956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ae2d3d65f176862021-12-22 12:43:40.944root 11241100x80000000000000004018957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9bf7be5829f6222021-12-22 12:43:40.944root 11241100x80000000000000004018958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09940ed17b9d4f672021-12-22 12:43:40.944root 11241100x80000000000000004018959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baf6e14c58d75832021-12-22 12:43:40.944root 11241100x80000000000000004018960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04aae396fcd9ba02021-12-22 12:43:40.944root 11241100x80000000000000004018961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499a2b62078e9202021-12-22 12:43:40.944root 11241100x80000000000000004018962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59a00d0db4fa342021-12-22 12:43:40.945root 11241100x80000000000000004018963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b96c050a0caabde2021-12-22 12:43:40.945root 11241100x80000000000000004018964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7d9d8874ab9772021-12-22 12:43:40.945root 11241100x80000000000000004018965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dcc5114a486d22021-12-22 12:43:40.945root 11241100x80000000000000004018966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee359363c86de98d2021-12-22 12:43:40.945root 11241100x80000000000000004018967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e023f92d688be2021-12-22 12:43:40.945root 11241100x80000000000000004018968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944efdf128c27dbe2021-12-22 12:43:40.945root 11241100x80000000000000004018969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b743aebd65f4b7d42021-12-22 12:43:40.945root 11241100x80000000000000004018970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1360f8e6b776d5f2021-12-22 12:43:40.945root 11241100x80000000000000004018971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c08445506c62772021-12-22 12:43:40.946root 11241100x80000000000000004018972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460ee6fb89fd9792021-12-22 12:43:40.946root 11241100x80000000000000004018973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e926833f51207b2021-12-22 12:43:40.946root 11241100x80000000000000004018974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e6840a0f3c9b52021-12-22 12:43:40.946root 11241100x80000000000000004018975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcd5c87a0b7cfc2021-12-22 12:43:40.946root 11241100x80000000000000004018976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8840dba20af6fa82021-12-22 12:43:40.946root 11241100x80000000000000004018977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12aea8354e9cc9d2021-12-22 12:43:40.946root 11241100x80000000000000004018978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463532b6647d07892021-12-22 12:43:40.946root 11241100x80000000000000004018979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e101973400a8291c2021-12-22 12:43:40.946root 11241100x80000000000000004018980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd81edd9e369142021-12-22 12:43:40.946root 11241100x80000000000000004018981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2e22d338c770532021-12-22 12:43:40.947root 11241100x80000000000000004018982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6dd05ebf13cb972021-12-22 12:43:40.947root 11241100x80000000000000004018983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40c19e1aee3a822021-12-22 12:43:40.947root 11241100x80000000000000004018984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aad48664bb2e992021-12-22 12:43:40.947root 11241100x80000000000000004018985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3491911fe605d12021-12-22 12:43:40.947root 11241100x80000000000000004018986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39429150413932122021-12-22 12:43:40.947root 11241100x80000000000000004018987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4972764b1a35822021-12-22 12:43:40.947root 11241100x80000000000000004018988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21336ed54f5a833c2021-12-22 12:43:40.947root 11241100x80000000000000004018989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260c9685b88ca22c2021-12-22 12:43:40.948root 11241100x80000000000000004018990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a169a7709d6ed28d2021-12-22 12:43:40.948root 11241100x80000000000000004018991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1fa480b8691ebb2021-12-22 12:43:40.948root 11241100x80000000000000004018992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3d05488664c7352021-12-22 12:43:40.948root 11241100x80000000000000004018993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594f3aca332a10af2021-12-22 12:43:40.948root 11241100x80000000000000004018994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b5b503e5b9d6e2021-12-22 12:43:40.948root 11241100x80000000000000004018995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453365c7c83fb2402021-12-22 12:43:40.948root 11241100x80000000000000004018996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a52985144c2bdb72021-12-22 12:43:40.948root 11241100x80000000000000004018997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ab550dc9d326c42021-12-22 12:43:40.949root 11241100x80000000000000004018998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e074c86af62dd3382021-12-22 12:43:40.949root 11241100x80000000000000004018999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a969e518d5b552021-12-22 12:43:40.949root 11241100x80000000000000004019000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09fa68162cd4b7b2021-12-22 12:43:40.949root 11241100x80000000000000004019001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb6c258b5899ee2021-12-22 12:43:40.949root 11241100x80000000000000004019002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746c7c4dd7ae74b02021-12-22 12:43:40.949root 11241100x80000000000000004019003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd05abbb6e158592021-12-22 12:43:40.949root 11241100x80000000000000004019004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eaf9e3a7b950342021-12-22 12:43:40.950root 11241100x80000000000000004019005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfead20693e9cd22021-12-22 12:43:40.950root 11241100x80000000000000004019006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d369f0673a7268e2021-12-22 12:43:40.950root 11241100x80000000000000004019007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9042bd57c60dab2021-12-22 12:43:40.950root 11241100x80000000000000004019008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af86c9b9f345362021-12-22 12:43:41.443root 11241100x80000000000000004019009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd374290ad4629c2021-12-22 12:43:41.443root 11241100x80000000000000004019010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a330d6d18373d5b2021-12-22 12:43:41.444root 11241100x80000000000000004019011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56faa0c3f6e54f42021-12-22 12:43:41.444root 11241100x80000000000000004019012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6b3e062bdfbf1a2021-12-22 12:43:41.444root 11241100x80000000000000004019013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80be39b6158879532021-12-22 12:43:41.444root 11241100x80000000000000004019014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b433686ecb43822021-12-22 12:43:41.444root 11241100x80000000000000004019015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b3025b71d305622021-12-22 12:43:41.444root 11241100x80000000000000004019016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f8b0762ff5a11c2021-12-22 12:43:41.444root 11241100x80000000000000004019017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd33101e0c3386d2021-12-22 12:43:41.445root 11241100x80000000000000004019018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4884ce57e1dcea2021-12-22 12:43:41.445root 11241100x80000000000000004019019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da7f44cd99d42e2021-12-22 12:43:41.445root 11241100x80000000000000004019020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3d32a56f263fb82021-12-22 12:43:41.445root 11241100x80000000000000004019021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4fb4383e91ee592021-12-22 12:43:41.445root 11241100x80000000000000004019022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c270f34d787cf3d62021-12-22 12:43:41.445root 11241100x80000000000000004019023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15033b80eafedaa2021-12-22 12:43:41.445root 11241100x80000000000000004019024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3825fca0a6029f02021-12-22 12:43:41.445root 11241100x80000000000000004019025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9ee76de34d74192021-12-22 12:43:41.445root 11241100x80000000000000004019026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1552923c2af452021-12-22 12:43:41.445root 11241100x80000000000000004019027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ffff863bf0c94c2021-12-22 12:43:41.446root 11241100x80000000000000004019028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4369b8ac2921bda2021-12-22 12:43:41.446root 11241100x80000000000000004019029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92647c1921ed65392021-12-22 12:43:41.446root 11241100x80000000000000004019030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445e8e0c4244d6fc2021-12-22 12:43:41.446root 11241100x80000000000000004019031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631d4a8c991d1b92021-12-22 12:43:41.447root 11241100x80000000000000004019032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609ffe111148ccde2021-12-22 12:43:41.447root 11241100x80000000000000004019033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f847bec36caff962021-12-22 12:43:41.447root 11241100x80000000000000004019034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991bb5cc1867f492021-12-22 12:43:41.447root 11241100x80000000000000004019035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812abf46d29eba02021-12-22 12:43:41.447root 11241100x80000000000000004019036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd34686f03074a2021-12-22 12:43:41.447root 11241100x80000000000000004019037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d324f5633b1132021-12-22 12:43:41.448root 11241100x80000000000000004019038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b187b80d0e572ca82021-12-22 12:43:41.448root 11241100x80000000000000004019039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0762dec7f254402021-12-22 12:43:41.448root 11241100x80000000000000004019040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a8c59107783fde2021-12-22 12:43:41.448root 11241100x80000000000000004019041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1faa6babf1970c2021-12-22 12:43:41.448root 11241100x80000000000000004019042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a495e195f94f0712021-12-22 12:43:41.448root 11241100x80000000000000004019043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18948b6664be9d2021-12-22 12:43:41.448root 11241100x80000000000000004019044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09e12407394de602021-12-22 12:43:41.449root 11241100x80000000000000004019045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dc4b23ded9470d2021-12-22 12:43:41.449root 11241100x80000000000000004019046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d09122c6a246b232021-12-22 12:43:41.449root 11241100x80000000000000004019047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23526aab7809bcef2021-12-22 12:43:41.449root 11241100x80000000000000004019048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca89fea102a51032021-12-22 12:43:41.943root 11241100x80000000000000004019049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df595ab2afcbe0e82021-12-22 12:43:41.943root 11241100x80000000000000004019050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbd0ebcd976f60e2021-12-22 12:43:41.943root 11241100x80000000000000004019051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eb5dacbe009de2021-12-22 12:43:41.943root 11241100x80000000000000004019052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbf7531e7dc6d0c2021-12-22 12:43:41.943root 354300x80000000000000004019091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.078{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56822-false10.0.1.12-8000- 11241100x80000000000000004019092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31929d048bc61f02021-12-22 12:43:44.442root 11241100x80000000000000004019093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20faca170cbafe2021-12-22 12:43:44.942root 11241100x80000000000000004019094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec8bc824db484ab2021-12-22 12:43:45.442root 11241100x80000000000000004019095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6fa78749881fc72021-12-22 12:43:45.942root 11241100x80000000000000004019096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb077dc66c4464f72021-12-22 12:43:46.442root 11241100x80000000000000004019097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22311e2ed2c87b2021-12-22 12:43:46.942root 11241100x80000000000000004019098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded34fc495da7cb2021-12-22 12:43:47.442root 11241100x80000000000000004019099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d58229122e0db2021-12-22 12:43:47.942root 11241100x80000000000000004019100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92fd5a4cdece81a2021-12-22 12:43:48.442root 11241100x80000000000000004019101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aea5af5296d8c32021-12-22 12:43:48.942root 354300x80000000000000004019102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56824-false10.0.1.12-8000- 11241100x80000000000000004019103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27250425e2a3d2a2021-12-22 12:43:49.442root 11241100x80000000000000004019104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3efbee03f53c4a2021-12-22 12:43:49.442root 11241100x80000000000000004019105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b7661476dd89572021-12-22 12:43:49.942root 11241100x80000000000000004019106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e789283569c2c5e2021-12-22 12:43:49.943root 11241100x80000000000000004019107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007802e4610878dc2021-12-22 12:43:50.442root 11241100x80000000000000004019108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d0ea9c81abe1712021-12-22 12:43:50.443root 11241100x80000000000000004019109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a62ab3ec14059e2021-12-22 12:43:50.942root 11241100x80000000000000004019110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eab96a7707cd812021-12-22 12:43:50.943root 11241100x80000000000000004019111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0dae9be8ba53482021-12-22 12:43:51.442root 11241100x80000000000000004019112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3966f22d75c132021-12-22 12:43:51.442root 11241100x80000000000000004019113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcdbed6ac8bdaea2021-12-22 12:43:51.942root 11241100x80000000000000004019114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f2d2b1ea9ebcd2021-12-22 12:43:51.942root 11241100x80000000000000004019115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412f7ef88587ca2d2021-12-22 12:43:52.442root 11241100x80000000000000004019116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dbd87f49bf1be82021-12-22 12:43:52.443root 11241100x80000000000000004019117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469bf94174870ab82021-12-22 12:43:52.942root 11241100x80000000000000004019118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f74e4861765fc82021-12-22 12:43:52.942root 11241100x80000000000000004019119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4c6561252bd2ce2021-12-22 12:43:53.442root 11241100x80000000000000004019120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f85fb95ef0c88e12021-12-22 12:43:53.443root 11241100x80000000000000004019121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eeb394c6958b482021-12-22 12:43:53.942root 11241100x80000000000000004019122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39290e7ad2d7f13a2021-12-22 12:43:53.942root 11241100x80000000000000004019123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f8751462dbbcd72021-12-22 12:43:54.442root 11241100x80000000000000004019124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166a2ce6e38e8ef2021-12-22 12:43:54.443root 11241100x80000000000000004019125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5d94670b8dd4922021-12-22 12:43:54.942root 11241100x80000000000000004019126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b095b013e7724f62021-12-22 12:43:54.942root 354300x80000000000000004019127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56826-false10.0.1.12-8000- 11241100x80000000000000004019128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579e87daee385b22021-12-22 12:43:55.442root 11241100x80000000000000004019129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb0dda2413741e12021-12-22 12:43:55.443root 11241100x80000000000000004019130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd7fbc07ecd78a02021-12-22 12:43:55.443root 11241100x80000000000000004019131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e174c0783bc9e82021-12-22 12:43:55.942root 11241100x80000000000000004019132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2472c68530773c702021-12-22 12:43:55.943root 11241100x80000000000000004019133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798f4997b335e082021-12-22 12:43:55.943root 11241100x80000000000000004019134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4f9cf0ea4a7452021-12-22 12:43:56.443root 11241100x80000000000000004019135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d76ccae07e0c362021-12-22 12:43:56.443root 11241100x80000000000000004019136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d63455b1645c2c22021-12-22 12:43:56.443root 11241100x80000000000000004019137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368fced0040673ee2021-12-22 12:43:56.942root 11241100x80000000000000004019138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7723376127c5cb62021-12-22 12:43:56.943root 11241100x80000000000000004019139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038aba4242ee366b2021-12-22 12:43:56.943root 11241100x80000000000000004019140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6378c2cc156564942021-12-22 12:43:57.442root 11241100x80000000000000004019141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a06624644270cde2021-12-22 12:43:57.443root 11241100x80000000000000004019142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f526d8cd3b81ba552021-12-22 12:43:57.443root 11241100x80000000000000004019143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37d118bf174dacb2021-12-22 12:43:57.942root 11241100x80000000000000004019144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349ed3680d611f12021-12-22 12:43:57.943root 11241100x80000000000000004019145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7a6e2d3cfd6602021-12-22 12:43:57.943root 11241100x80000000000000004019146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c631f1097af3a2f2021-12-22 12:43:58.442root 11241100x80000000000000004019147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8174042133fbdb952021-12-22 12:43:58.443root 11241100x80000000000000004019148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14712baba88eea2021-12-22 12:43:58.443root 11241100x80000000000000004019149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a869fa7190a4b0fc2021-12-22 12:43:58.942root 11241100x80000000000000004019150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb0a0a6653b41c2021-12-22 12:43:58.943root 11241100x80000000000000004019151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9d99f214e96092021-12-22 12:43:58.943root 11241100x80000000000000004019152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f0a75eb72976532021-12-22 12:43:59.442root 11241100x80000000000000004019153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5926292090dbae62021-12-22 12:43:59.443root 11241100x80000000000000004019154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0fbe8d97fe0e42021-12-22 12:43:59.443root 11241100x80000000000000004019155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9a05e018c00e82021-12-22 12:43:59.942root 11241100x80000000000000004019156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae48f91c7bd076c2021-12-22 12:43:59.943root 11241100x80000000000000004019157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a8c6df1de63272021-12-22 12:43:59.943root 354300x80000000000000004019158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.188{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56828-false10.0.1.12-8000- 11241100x80000000000000004019159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d99ce141b84f352021-12-22 12:44:00.442root 11241100x80000000000000004019160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd5392839970a2c2021-12-22 12:44:00.443root 11241100x80000000000000004019161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cf99277dd2e70d2021-12-22 12:44:00.443root 11241100x80000000000000004019162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d6f6e5512a06ab2021-12-22 12:44:00.443root 11241100x80000000000000004019163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0b6fc164b028402021-12-22 12:44:00.942root 11241100x80000000000000004019164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f528754c28e20f72021-12-22 12:44:00.943root 11241100x80000000000000004019165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429d4faea40a14af2021-12-22 12:44:00.943root 11241100x80000000000000004019166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786666fc05d18eac2021-12-22 12:44:00.943root 11241100x80000000000000004019167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975fdcbc8e30c9ee2021-12-22 12:44:01.442root 11241100x80000000000000004019168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccd283362b6beca2021-12-22 12:44:01.443root 11241100x80000000000000004019169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f768bad66edcf75b2021-12-22 12:44:01.443root 11241100x80000000000000004019170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a040295ccee4abc2021-12-22 12:44:01.443root 11241100x80000000000000004019171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe3e5f44218c232021-12-22 12:44:01.942root 11241100x80000000000000004019172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc491bd7ec8f2032021-12-22 12:44:01.943root 11241100x80000000000000004019173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efa66729e1a17262021-12-22 12:44:01.943root 11241100x80000000000000004019174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752677ac00a4f3c12021-12-22 12:44:01.943root 11241100x80000000000000004019175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b608f635205052021-12-22 12:44:02.442root 11241100x80000000000000004019176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21e6be65efe17012021-12-22 12:44:02.443root 11241100x80000000000000004019177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c773e25be345652021-12-22 12:44:02.443root 11241100x80000000000000004019178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935cc4961078e2182021-12-22 12:44:02.443root 11241100x80000000000000004019179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6324d715cca34b222021-12-22 12:44:02.942root 11241100x80000000000000004019180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b03eea8838b642021-12-22 12:44:02.943root 11241100x80000000000000004019181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244562418045b63e2021-12-22 12:44:02.943root 11241100x80000000000000004019182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca8b0dc97b32662021-12-22 12:44:02.943root 11241100x80000000000000004019183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:44:03.124root 11241100x80000000000000004019184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14ebd05057956b2021-12-22 12:44:03.443root 11241100x80000000000000004019185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67b14183498937e2021-12-22 12:44:03.443root 11241100x80000000000000004019186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e9e836d7ec4fcd2021-12-22 12:44:03.443root 11241100x80000000000000004019187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fec23fed56b339b2021-12-22 12:44:03.443root 11241100x80000000000000004019188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bd469695094b82021-12-22 12:44:03.443root 11241100x80000000000000004019189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b19b0a7be043cc2021-12-22 12:44:03.943root 11241100x80000000000000004019190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00c400d24dcb732021-12-22 12:44:03.943root 11241100x80000000000000004019191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6afec9d9caf9b2021-12-22 12:44:03.943root 11241100x80000000000000004019192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca29f725790fec52021-12-22 12:44:03.943root 11241100x80000000000000004019193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8ef056f0c275b22021-12-22 12:44:03.943root 11241100x80000000000000004019194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5520c376567e542021-12-22 12:44:04.443root 11241100x80000000000000004019195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b43b9eab82f5f2021-12-22 12:44:04.443root 11241100x80000000000000004019196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb64f3673a22cf92021-12-22 12:44:04.443root 11241100x80000000000000004019197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e350f6687fbcef2021-12-22 12:44:04.443root 11241100x80000000000000004019198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6077a565bb829f2021-12-22 12:44:04.443root 11241100x80000000000000004019199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509d89c37a9eead2021-12-22 12:44:04.942root 11241100x80000000000000004019200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be05891b1062c02021-12-22 12:44:04.943root 11241100x80000000000000004019201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1578c320673c732021-12-22 12:44:04.943root 11241100x80000000000000004019202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983991bb8595a9e42021-12-22 12:44:04.943root 11241100x80000000000000004019203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b91fd564e77ac212021-12-22 12:44:04.943root 11241100x80000000000000004019204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b467b839e8b588d52021-12-22 12:44:05.444root 11241100x80000000000000004019205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dc6d8318b7e0342021-12-22 12:44:05.444root 11241100x80000000000000004019206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf99f9cdd6b094a2021-12-22 12:44:05.444root 11241100x80000000000000004019207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f6b9f17d817932021-12-22 12:44:05.444root 11241100x80000000000000004019208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4964167fd25699de2021-12-22 12:44:05.444root 11241100x80000000000000004019209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfaaf754316f6b52021-12-22 12:44:05.943root 11241100x80000000000000004019210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc82cbb8ea500e52021-12-22 12:44:05.943root 11241100x80000000000000004019211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b8dd17b7c6c2dd2021-12-22 12:44:05.943root 11241100x80000000000000004019212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d29305c496cd4332021-12-22 12:44:05.943root 11241100x80000000000000004019213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff390ec53bf60c2021-12-22 12:44:05.943root 354300x80000000000000004019214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.065{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56830-false10.0.1.12-8000- 23542300x80000000000000004019215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.126{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004019216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf1621b5f44d8e82021-12-22 12:44:06.443root 11241100x80000000000000004019217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d1c8893f12ac92021-12-22 12:44:06.443root 11241100x80000000000000004019218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96c05bad6510a142021-12-22 12:44:06.443root 11241100x80000000000000004019219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0184818ab4168a4d2021-12-22 12:44:06.443root 11241100x80000000000000004019220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a046af05db6ee482021-12-22 12:44:06.443root 11241100x80000000000000004019221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf02214ea6bb252021-12-22 12:44:06.444root 11241100x80000000000000004019222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993df40d4677c7d2021-12-22 12:44:06.444root 11241100x80000000000000004019223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab35861cc4b2b91d2021-12-22 12:44:06.943root 11241100x80000000000000004019224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f819c9d4a8f58272021-12-22 12:44:06.943root 11241100x80000000000000004019225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546482de287541532021-12-22 12:44:06.943root 11241100x80000000000000004019226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091f0491936fb8942021-12-22 12:44:06.943root 11241100x80000000000000004019227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16211d067fc4ab1a2021-12-22 12:44:06.943root 11241100x80000000000000004019228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156d8b0f75606912021-12-22 12:44:06.943root 11241100x80000000000000004019229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0526a923b2779e482021-12-22 12:44:06.944root 11241100x80000000000000004019230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ed540e506410232021-12-22 12:44:07.443root 11241100x80000000000000004019231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed9f2dd60564162021-12-22 12:44:07.443root 11241100x80000000000000004019232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dadd24845eddd8d2021-12-22 12:44:07.443root 11241100x80000000000000004019233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67e9073f36dd7b2021-12-22 12:44:07.443root 11241100x80000000000000004019234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e4ebad2acba012021-12-22 12:44:07.443root 11241100x80000000000000004019235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e1254d43249862021-12-22 12:44:07.443root 11241100x80000000000000004019236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2967882a90a39032021-12-22 12:44:07.443root 11241100x80000000000000004019237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63bfe2c32c1f4d42021-12-22 12:44:07.943root 11241100x80000000000000004019238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f756a0f6b2fbf2021-12-22 12:44:07.943root 11241100x80000000000000004019239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849bb9ccc3538672021-12-22 12:44:07.943root 11241100x80000000000000004019240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b8220f8d66e862021-12-22 12:44:07.943root 11241100x80000000000000004019241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b361dc1350b2b542021-12-22 12:44:07.943root 11241100x80000000000000004019242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c72929bec9b5712021-12-22 12:44:07.943root 11241100x80000000000000004019243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc538fe913495dbe2021-12-22 12:44:07.944root 11241100x80000000000000004019244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c08b2deef1d1a5d2021-12-22 12:44:08.443root 11241100x80000000000000004019245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a70201a55edb52021-12-22 12:44:08.443root 11241100x80000000000000004019246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a6efc57bb23072021-12-22 12:44:08.443root 11241100x80000000000000004019247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621640c8699d0c9d2021-12-22 12:44:08.443root 11241100x80000000000000004019248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7b5131f0864b52021-12-22 12:44:08.443root 11241100x80000000000000004019249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef8437b21681ad12021-12-22 12:44:08.443root 11241100x80000000000000004019250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e19e9343683992021-12-22 12:44:08.443root 11241100x80000000000000004019251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ee54aa4b4159212021-12-22 12:44:08.943root 11241100x80000000000000004019252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841be5d7c7577cef2021-12-22 12:44:08.943root 11241100x80000000000000004019253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8da4d5aa3b6fc882021-12-22 12:44:08.943root 11241100x80000000000000004019254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77cb05f324d5cd52021-12-22 12:44:08.943root 11241100x80000000000000004019255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a2bb6b23afd1052021-12-22 12:44:08.943root 11241100x80000000000000004019256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5241b32f0acc5b902021-12-22 12:44:08.943root 11241100x80000000000000004019257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d4b286f4de7ada2021-12-22 12:44:08.944root 11241100x80000000000000004019258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b33b0ee2e066d2021-12-22 12:44:09.443root 11241100x80000000000000004019259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55dc82c37f7c5ef2021-12-22 12:44:09.443root 11241100x80000000000000004019260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fab4f2a7ade5d832021-12-22 12:44:09.443root 11241100x80000000000000004019261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e173cbdd12be60b2021-12-22 12:44:09.443root 11241100x80000000000000004019262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24e42f48d3016c62021-12-22 12:44:09.443root 11241100x80000000000000004019263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d04d41ebef44612021-12-22 12:44:09.443root 11241100x80000000000000004019264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba6581afbee99552021-12-22 12:44:09.443root 11241100x80000000000000004019265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789d8fe263f84bc42021-12-22 12:44:09.943root 11241100x80000000000000004019266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e4493042b831dd2021-12-22 12:44:09.943root 11241100x80000000000000004019267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b534ee75c09b02021-12-22 12:44:09.943root 11241100x80000000000000004019268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7c2069fba4ea242021-12-22 12:44:09.943root 11241100x80000000000000004019269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2cd8767858b3262021-12-22 12:44:09.943root 11241100x80000000000000004019270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcd846c3df915d72021-12-22 12:44:09.943root 11241100x80000000000000004019271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d32d6e8cdda722021-12-22 12:44:09.943root 11241100x80000000000000004019272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10d18849a971ff2021-12-22 12:44:10.443root 11241100x80000000000000004019273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b5b2189b60d0b2021-12-22 12:44:10.443root 11241100x80000000000000004019274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9574b83bdd517d7f2021-12-22 12:44:10.443root 11241100x80000000000000004019275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d982e0896af0733d2021-12-22 12:44:10.443root 11241100x80000000000000004019276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006ade1b192e6412021-12-22 12:44:10.443root 11241100x80000000000000004019277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd8920f172992502021-12-22 12:44:10.443root 11241100x80000000000000004019278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cdb56d62b6bfab2021-12-22 12:44:10.443root 11241100x80000000000000004019279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279570b8a4f8f6a02021-12-22 12:44:10.943root 11241100x80000000000000004019280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1754c7eab874e6742021-12-22 12:44:10.943root 11241100x80000000000000004019281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0b248935676092021-12-22 12:44:10.943root 11241100x80000000000000004019282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e5ec7f80932d762021-12-22 12:44:10.943root 11241100x80000000000000004019283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3a95903acf3a72021-12-22 12:44:10.943root 11241100x80000000000000004019284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd39b975b6a08ce2021-12-22 12:44:10.943root 11241100x80000000000000004019285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa035af3df4ac1d2021-12-22 12:44:10.943root 11241100x80000000000000004019286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57681c3c6a65fcb12021-12-22 12:44:11.443root 11241100x80000000000000004019287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b232037b58bb3e22021-12-22 12:44:11.443root 11241100x80000000000000004019288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121f731fb26bc9f2021-12-22 12:44:11.443root 11241100x80000000000000004019289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be09c1d435eed52021-12-22 12:44:11.443root 11241100x80000000000000004019290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35cb30b0ed776c22021-12-22 12:44:11.443root 11241100x80000000000000004019291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2404060539f4ff1a2021-12-22 12:44:11.443root 11241100x80000000000000004019292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190b8c0ddd649e062021-12-22 12:44:11.443root 11241100x80000000000000004019293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1833d5b5030da1bf2021-12-22 12:44:11.943root 11241100x80000000000000004019294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a013550fcc6baec12021-12-22 12:44:11.943root 11241100x80000000000000004019295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35038fb60bd5a9322021-12-22 12:44:11.943root 11241100x80000000000000004019296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed659dbfeb429be82021-12-22 12:44:11.943root 11241100x80000000000000004019297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4faa643b08eb4ad2021-12-22 12:44:11.943root 11241100x80000000000000004019298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe95f490ea545c4f2021-12-22 12:44:11.943root 11241100x80000000000000004019299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260e0e9974641ada2021-12-22 12:44:11.943root 354300x80000000000000004019300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.033{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56832-false10.0.1.12-8000- 11241100x80000000000000004019301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cd22c277335c742021-12-22 12:44:12.443root 11241100x80000000000000004019302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f6b271ecdca1b2021-12-22 12:44:12.443root 11241100x80000000000000004019303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6839ee2a2021bd762021-12-22 12:44:12.443root 11241100x80000000000000004019304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18454f81132dc9302021-12-22 12:44:12.443root 11241100x80000000000000004019305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d819f662b7967e2021-12-22 12:44:12.443root 11241100x80000000000000004019306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa134d50b718141f2021-12-22 12:44:12.443root 11241100x80000000000000004019307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d531fd2e457132021-12-22 12:44:12.443root 11241100x80000000000000004019308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198ec7a7d80f6bb72021-12-22 12:44:12.443root 11241100x80000000000000004019309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa468d4cd237bb2021-12-22 12:44:12.943root 11241100x80000000000000004019310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a89c55b34127e2021-12-22 12:44:12.943root 11241100x80000000000000004019311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff752c92a06a7432021-12-22 12:44:12.943root 11241100x80000000000000004019312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcd7f7aac086bf42021-12-22 12:44:12.943root 11241100x80000000000000004019313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac547b1793d97f2021-12-22 12:44:12.943root 11241100x80000000000000004019314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76fd68c1c73f22f2021-12-22 12:44:12.943root 11241100x80000000000000004019315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2334b198ace8f342021-12-22 12:44:12.943root 11241100x80000000000000004019316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8967a1c50c19d712021-12-22 12:44:12.943root 11241100x80000000000000004019317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d030a83f8ae54f8a2021-12-22 12:44:13.443root 11241100x80000000000000004019318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4fc7fb9dc0d5f02021-12-22 12:44:13.443root 11241100x80000000000000004019319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a189c525f73e302021-12-22 12:44:13.443root 11241100x80000000000000004019320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850826fefe0420bc2021-12-22 12:44:13.443root 11241100x80000000000000004019321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf3a3232f821432021-12-22 12:44:13.443root 11241100x80000000000000004019322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c96eba01dc44b12021-12-22 12:44:13.443root 11241100x80000000000000004019323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282f79550b9e0202021-12-22 12:44:13.443root 11241100x80000000000000004019324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8697b7963071188e2021-12-22 12:44:13.443root 11241100x80000000000000004019325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987eac0fb3cae1202021-12-22 12:44:13.943root 11241100x80000000000000004019326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b88cac2387af7a2021-12-22 12:44:13.943root 11241100x80000000000000004019327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a88c7094f556c22021-12-22 12:44:13.943root 11241100x80000000000000004019328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c6675445a38b882021-12-22 12:44:13.943root 11241100x80000000000000004019329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573e36e631ed08d22021-12-22 12:44:13.943root 11241100x80000000000000004019330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a5a183f44b94d32021-12-22 12:44:13.943root 11241100x80000000000000004019331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb8455c6383e302021-12-22 12:44:13.943root 11241100x80000000000000004019332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf696e74dfecc002021-12-22 12:44:13.944root 11241100x80000000000000004019333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215889bab086feda2021-12-22 12:44:14.443root 11241100x80000000000000004019334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84647dcee9102772021-12-22 12:44:14.443root 11241100x80000000000000004019335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4597a8d88366572021-12-22 12:44:14.443root 11241100x80000000000000004019336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7159e1cf4371bd2021-12-22 12:44:14.443root 11241100x80000000000000004019337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b1829567ba5d792021-12-22 12:44:14.443root 11241100x80000000000000004019338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fcf9272e42d9f92021-12-22 12:44:14.443root 11241100x80000000000000004019339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e128c69e8489f9f82021-12-22 12:44:14.443root 11241100x80000000000000004019340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c8867704e2b27a2021-12-22 12:44:14.443root 11241100x80000000000000004019341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56bdd6d01513fec2021-12-22 12:44:14.943root 11241100x80000000000000004019342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138062922f1a46ab2021-12-22 12:44:14.943root 11241100x80000000000000004019343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41d618662f36062021-12-22 12:44:14.943root 11241100x80000000000000004019344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a40afc8ba17912021-12-22 12:44:14.943root 11241100x80000000000000004019345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1f2c4d440a4d02021-12-22 12:44:14.943root 11241100x80000000000000004019346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72818cfb380de0f62021-12-22 12:44:14.943root 11241100x80000000000000004019347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e4ffdee3b699e22021-12-22 12:44:14.943root 11241100x80000000000000004019348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db140a55d8ed21ce2021-12-22 12:44:14.943root 11241100x80000000000000004019349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda67c5ecb64da02021-12-22 12:44:15.443root 11241100x80000000000000004019350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d9373198307bd2021-12-22 12:44:15.443root 11241100x80000000000000004019351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb69e82badff8102021-12-22 12:44:15.443root 11241100x80000000000000004019352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04c713dc09057d82021-12-22 12:44:15.443root 11241100x80000000000000004019353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eb501bdc0e1d052021-12-22 12:44:15.443root 11241100x80000000000000004019354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe09821543202642021-12-22 12:44:15.444root 11241100x80000000000000004019355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c12e522c46ee7ea2021-12-22 12:44:15.444root 11241100x80000000000000004019356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c81b1a9ea9a18b72021-12-22 12:44:15.444root 11241100x80000000000000004019357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d13bbd76b0eb7d2021-12-22 12:44:15.943root 11241100x80000000000000004019358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7517ada9555a90682021-12-22 12:44:15.943root 11241100x80000000000000004019359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685c7f4106fb0ae2021-12-22 12:44:15.943root 11241100x80000000000000004019360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40712361214832c72021-12-22 12:44:15.943root 11241100x80000000000000004019361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ed102f4afc7612021-12-22 12:44:15.943root 11241100x80000000000000004019362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3d7956894bcec2021-12-22 12:44:15.944root 11241100x80000000000000004019363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdbeee42d66f26b2021-12-22 12:44:15.944root 11241100x80000000000000004019364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb340ecdd1a284b22021-12-22 12:44:15.944root 11241100x80000000000000004019365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f889012a6bf02e62021-12-22 12:44:16.443root 11241100x80000000000000004019366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d4ef1a8845de822021-12-22 12:44:16.443root 11241100x80000000000000004019367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1e7d4d6fd882f2021-12-22 12:44:16.443root 11241100x80000000000000004019368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fc06fc0611e3602021-12-22 12:44:16.443root 11241100x80000000000000004019369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd08b90fa918c02021-12-22 12:44:16.443root 11241100x80000000000000004019370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23415247d0db4a9e2021-12-22 12:44:16.443root 11241100x80000000000000004019371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3b7ac6a34695ea2021-12-22 12:44:16.444root 11241100x80000000000000004019372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d717d44f0c7e2362021-12-22 12:44:16.444root 11241100x80000000000000004019373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7748284010dc3fc2021-12-22 12:44:16.943root 11241100x80000000000000004019374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae616cfd6eec4c2f2021-12-22 12:44:16.943root 11241100x80000000000000004019375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520fa2e56c8d90c42021-12-22 12:44:16.943root 11241100x80000000000000004019376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea11da135b6dda32021-12-22 12:44:16.943root 11241100x80000000000000004019377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98517d5ad01261362021-12-22 12:44:16.943root 11241100x80000000000000004019378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c889bb322bc5382021-12-22 12:44:16.943root 11241100x80000000000000004019379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c80c0e1801e34502021-12-22 12:44:16.943root 11241100x80000000000000004019380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409aeae9127536852021-12-22 12:44:16.944root 354300x80000000000000004019381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56834-false10.0.1.12-8000- 11241100x80000000000000004019382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343860f62261c7b2021-12-22 12:44:17.206root 11241100x80000000000000004019383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d184b46e08ca61242021-12-22 12:44:17.206root 11241100x80000000000000004019384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8d17eebb0c34e02021-12-22 12:44:17.207root 11241100x80000000000000004019385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290836ab8d5c62e2021-12-22 12:44:17.207root 11241100x80000000000000004019386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2f1c01745d6c872021-12-22 12:44:17.207root 11241100x80000000000000004019387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d7ce0b23484f62021-12-22 12:44:17.207root 11241100x80000000000000004019388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a740ce5872e4512021-12-22 12:44:17.207root 11241100x80000000000000004019389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa7bd156aa9b9d2021-12-22 12:44:17.207root 11241100x80000000000000004019390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c151b83a6173da092021-12-22 12:44:17.207root 11241100x80000000000000004019391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bdf5d95fcdafb2021-12-22 12:44:17.693root 11241100x80000000000000004019392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e48030ebceb47ff2021-12-22 12:44:17.693root 11241100x80000000000000004019393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ffa920bdb5cbba2021-12-22 12:44:17.693root 11241100x80000000000000004019394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87911bf99307b1b2021-12-22 12:44:17.694root 11241100x80000000000000004019395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0e30a8848743d2021-12-22 12:44:17.694root 11241100x80000000000000004019396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeb3db8af8aae9f2021-12-22 12:44:17.694root 11241100x80000000000000004019397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bad31a098a164052021-12-22 12:44:17.694root 11241100x80000000000000004019398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b608495d35ed012021-12-22 12:44:17.694root 11241100x80000000000000004019399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae116af5df758c92021-12-22 12:44:17.695root 11241100x80000000000000004019400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74323e6ea47923492021-12-22 12:44:18.193root 11241100x80000000000000004019401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e6987e84b50d22021-12-22 12:44:18.194root 11241100x80000000000000004019402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54611069ff1056d82021-12-22 12:44:18.194root 11241100x80000000000000004019403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46a833ba1c3e0f2021-12-22 12:44:18.194root 11241100x80000000000000004019404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4c849c4deeaf02021-12-22 12:44:18.194root 11241100x80000000000000004019405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6c73ff45d225902021-12-22 12:44:18.194root 11241100x80000000000000004019406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf752a3a69fdaf22021-12-22 12:44:18.194root 11241100x80000000000000004019407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a251976833dc94b42021-12-22 12:44:18.194root 11241100x80000000000000004019408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515023a7a75c5532021-12-22 12:44:18.194root 11241100x80000000000000004019409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e472a38f5dd4f2021-12-22 12:44:18.693root 11241100x80000000000000004019410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803c439645fc9f32021-12-22 12:44:18.693root 11241100x80000000000000004019411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab911c35641c7982021-12-22 12:44:18.693root 11241100x80000000000000004019412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0b94f98ac939d2021-12-22 12:44:18.693root 11241100x80000000000000004019413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76655ef8b8455ba2021-12-22 12:44:18.693root 11241100x80000000000000004019414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b551c4d15712b62021-12-22 12:44:18.693root 11241100x80000000000000004019415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26bb95d6f44f9d22021-12-22 12:44:18.693root 11241100x80000000000000004019416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b6dbcb05d858a2021-12-22 12:44:18.693root 11241100x80000000000000004019417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf76e5c5d93f3b2021-12-22 12:44:18.693root 11241100x80000000000000004019418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15f60ce777271e82021-12-22 12:44:19.193root 11241100x80000000000000004019419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70649156cd522c2021-12-22 12:44:19.193root 11241100x80000000000000004019420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705dd1579fc902d22021-12-22 12:44:19.193root 11241100x80000000000000004019421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c459bc95ab39c5e12021-12-22 12:44:19.193root 11241100x80000000000000004019422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4305136cae793c2021-12-22 12:44:19.193root 11241100x80000000000000004019423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407ec073928ba942021-12-22 12:44:19.193root 11241100x80000000000000004019424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213ef40106a580f22021-12-22 12:44:19.193root 11241100x80000000000000004019425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fea4ec42689b7c2021-12-22 12:44:19.193root 11241100x80000000000000004019426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292878a8c0f0abdf2021-12-22 12:44:19.193root 11241100x80000000000000004019427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9baf9d492188fd2021-12-22 12:44:19.693root 11241100x80000000000000004019428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3d576ad465ae02021-12-22 12:44:19.693root 11241100x80000000000000004019429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4023a30703c0532021-12-22 12:44:19.693root 11241100x80000000000000004019430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00dc494a97a21062021-12-22 12:44:19.693root 11241100x80000000000000004019431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5d4d88d0da0072021-12-22 12:44:19.693root 11241100x80000000000000004019432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce76158275daef292021-12-22 12:44:19.693root 11241100x80000000000000004019433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a04e9736328f1212021-12-22 12:44:19.693root 11241100x80000000000000004019434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c214748a0a1f902021-12-22 12:44:19.693root 11241100x80000000000000004019435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425157eb558fc382021-12-22 12:44:19.694root 11241100x80000000000000004019436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c9f7aaedf2f9c92021-12-22 12:44:20.193root 11241100x80000000000000004019437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991771971c929a532021-12-22 12:44:20.193root 11241100x80000000000000004019438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c7c80218f90cbb2021-12-22 12:44:20.193root 11241100x80000000000000004019439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5777a32eece2652021-12-22 12:44:20.193root 11241100x80000000000000004019440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b748fab938d9062021-12-22 12:44:20.193root 11241100x80000000000000004019441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0972937ec8e5902021-12-22 12:44:20.193root 11241100x80000000000000004019442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ece5e3a7c3c84a2021-12-22 12:44:20.193root 11241100x80000000000000004019443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ddcb996d748462021-12-22 12:44:20.193root 11241100x80000000000000004019444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fa2fe905c47c2d2021-12-22 12:44:20.194root 11241100x80000000000000004019445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a11811c060d76e2021-12-22 12:44:20.693root 11241100x80000000000000004019446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fa35372c8cea42021-12-22 12:44:20.693root 11241100x80000000000000004019447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a52d61bb2a1c4e12021-12-22 12:44:20.693root 11241100x80000000000000004019448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959dfe68aefd4442021-12-22 12:44:20.693root 11241100x80000000000000004019449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a35f3e51cd76d42021-12-22 12:44:20.693root 11241100x80000000000000004019450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e6f8eb14956a32021-12-22 12:44:20.693root 11241100x80000000000000004019451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc26caa850e8ccb2021-12-22 12:44:20.693root 11241100x80000000000000004019452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e4928ecbfd3df2021-12-22 12:44:20.693root 11241100x80000000000000004019453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc675ef9f2c969b72021-12-22 12:44:20.693root 11241100x80000000000000004019454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f25d2597efc0c2021-12-22 12:44:21.193root 11241100x80000000000000004019455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0478f311f684e2021-12-22 12:44:21.193root 11241100x80000000000000004019456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5900533487d1e2021-12-22 12:44:21.193root 11241100x80000000000000004019457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e599887b0f1f152021-12-22 12:44:21.193root 11241100x80000000000000004019458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c895bf13d967e03d2021-12-22 12:44:21.193root 11241100x80000000000000004019459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78eb453ffbbfd152021-12-22 12:44:21.193root 11241100x80000000000000004019460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fc12f33901bb4e2021-12-22 12:44:21.193root 11241100x80000000000000004019461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c82fe2723f20602021-12-22 12:44:21.193root 11241100x80000000000000004019462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71cfaa91a5177852021-12-22 12:44:21.193root 11241100x80000000000000004019463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a968c9ea6a49452021-12-22 12:44:21.693root 11241100x80000000000000004019464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87253b133b4b0dc42021-12-22 12:44:21.693root 11241100x80000000000000004019465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89db1b1e70f6fbd62021-12-22 12:44:21.693root 11241100x80000000000000004019466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356bc3f026df79b12021-12-22 12:44:21.693root 11241100x80000000000000004019467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b4507a7e78d522021-12-22 12:44:21.693root 11241100x80000000000000004019468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bae2849ce417f172021-12-22 12:44:21.693root 11241100x80000000000000004019469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b5908dbe9fe832021-12-22 12:44:21.693root 11241100x80000000000000004019470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af60b5f3d422e3eb2021-12-22 12:44:21.694root 11241100x80000000000000004019471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f6a3f6b3b122522021-12-22 12:44:21.694root 11241100x80000000000000004019472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d0cd25883f0d72021-12-22 12:44:22.193root 11241100x80000000000000004019473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd431772fde3b3512021-12-22 12:44:22.193root 11241100x80000000000000004019474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7b81d08d6fc982021-12-22 12:44:22.193root 11241100x80000000000000004019475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed06e1db95fad182021-12-22 12:44:22.193root 11241100x80000000000000004019476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19317570b49fadf82021-12-22 12:44:22.193root 11241100x80000000000000004019477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e988d9776ff3de2021-12-22 12:44:22.193root 11241100x80000000000000004019478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b965321816250cb2021-12-22 12:44:22.193root 11241100x80000000000000004019479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c620bbfebabaec2b2021-12-22 12:44:22.193root 11241100x80000000000000004019480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba08bf9d687479432021-12-22 12:44:22.193root 11241100x80000000000000004019481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128711cc26d7d9a2021-12-22 12:44:22.693root 11241100x80000000000000004019482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6865fc754b8bfefa2021-12-22 12:44:22.693root 11241100x80000000000000004019483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa3b18e994b26de2021-12-22 12:44:22.693root 11241100x80000000000000004019484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb05d118b5a6eea2021-12-22 12:44:22.693root 11241100x80000000000000004019485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe72cb88424ee16e2021-12-22 12:44:22.693root 11241100x80000000000000004019486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07c8dc955461d952021-12-22 12:44:22.693root 11241100x80000000000000004019487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ca14521d6dfe622021-12-22 12:44:22.693root 11241100x80000000000000004019488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699977db74197572021-12-22 12:44:22.693root 11241100x80000000000000004019489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365c7939d7067312021-12-22 12:44:22.693root 354300x80000000000000004019490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.033{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56836-false10.0.1.12-8000- 11241100x80000000000000004019491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc6c4d2c1f6fd32021-12-22 12:44:23.034root 11241100x80000000000000004019492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155cdbcd0e14e1b2021-12-22 12:44:23.034root 11241100x80000000000000004019493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c7a1c6d18e75ae2021-12-22 12:44:23.034root 11241100x80000000000000004019494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3bd6aaa1217e722021-12-22 12:44:23.034root 11241100x80000000000000004019495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9b031aa6abf36f2021-12-22 12:44:23.034root 11241100x80000000000000004019496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78231bb03d44fc82021-12-22 12:44:23.034root 11241100x80000000000000004019497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a1d1f48ff16ca2021-12-22 12:44:23.034root 11241100x80000000000000004019498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160488ea5f96d4092021-12-22 12:44:23.034root 11241100x80000000000000004019499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d4ef4b8d83a6bf2021-12-22 12:44:23.034root 11241100x80000000000000004019500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae169d0309362c2021-12-22 12:44:23.035root 11241100x80000000000000004019501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3ccd1bb0469c72021-12-22 12:44:23.443root 11241100x80000000000000004019502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48634fb2a52f1ffe2021-12-22 12:44:23.443root 11241100x80000000000000004019503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea7a5d4eaec6fa2021-12-22 12:44:23.443root 11241100x80000000000000004019504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edca6fcfab167132021-12-22 12:44:23.443root 11241100x80000000000000004019505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4983ac0fe616302021-12-22 12:44:23.443root 11241100x80000000000000004019506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1ca5f141a20c8d2021-12-22 12:44:23.444root 11241100x80000000000000004019507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e654dad5e2321cf2021-12-22 12:44:23.444root 11241100x80000000000000004019508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55fb66200b663832021-12-22 12:44:23.444root 11241100x80000000000000004019509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099df13cbe4986bd2021-12-22 12:44:23.444root 11241100x80000000000000004019510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d9e7edb933cbb2021-12-22 12:44:23.444root 11241100x80000000000000004019511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba810a77dbe8cd2021-12-22 12:44:23.943root 11241100x80000000000000004019512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467daf3373903f102021-12-22 12:44:23.943root 11241100x80000000000000004019513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fb14e499bfa1b72021-12-22 12:44:23.943root 11241100x80000000000000004019514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680623e6e6df80b2021-12-22 12:44:23.943root 11241100x80000000000000004019515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f85cc8f2a66df122021-12-22 12:44:23.943root 11241100x80000000000000004019516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a2a654c4c3eb02021-12-22 12:44:23.943root 11241100x80000000000000004019517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c2c52545876d212021-12-22 12:44:23.943root 11241100x80000000000000004019518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f4cf7ab35c90c42021-12-22 12:44:23.943root 11241100x80000000000000004019519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cc52567c07e1a12021-12-22 12:44:23.943root 11241100x80000000000000004019520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab92d7ebdfeded82021-12-22 12:44:23.943root 11241100x80000000000000004019521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373c5166b10fd3872021-12-22 12:44:24.443root 11241100x80000000000000004019522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd024af3447752a2021-12-22 12:44:24.443root 11241100x80000000000000004019523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6399f1b1e5c8a6e42021-12-22 12:44:24.443root 11241100x80000000000000004019524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcc60782ce67c602021-12-22 12:44:24.443root 11241100x80000000000000004019525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f8ad3a46b559812021-12-22 12:44:24.443root 11241100x80000000000000004019526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefa5ad59f31f4182021-12-22 12:44:24.443root 11241100x80000000000000004019527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd44fc29566dd2021-12-22 12:44:24.443root 11241100x80000000000000004019528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02be757044ad4132021-12-22 12:44:24.443root 11241100x80000000000000004019529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce29d4a99383f092021-12-22 12:44:24.444root 11241100x80000000000000004019530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5045ae16854a95672021-12-22 12:44:24.444root 11241100x80000000000000004019531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcc310e4a1d85e22021-12-22 12:44:24.943root 11241100x80000000000000004019532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a266383e0ac00902021-12-22 12:44:24.943root 11241100x80000000000000004019533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed4a4a012af0e202021-12-22 12:44:24.943root 11241100x80000000000000004019534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e88d2d893ef402021-12-22 12:44:24.943root 11241100x80000000000000004019535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0089e2e133dbcc12021-12-22 12:44:24.943root 11241100x80000000000000004019536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb01436c0109f62021-12-22 12:44:24.943root 11241100x80000000000000004019537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd42b51ddba822e12021-12-22 12:44:24.943root 11241100x80000000000000004019538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992a654d72989d292021-12-22 12:44:24.944root 11241100x80000000000000004019539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd58f26e034303d2021-12-22 12:44:24.944root 11241100x80000000000000004019540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa234b0efe462c22021-12-22 12:44:24.944root 11241100x80000000000000004019541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf406f2add3664b2021-12-22 12:44:25.443root 11241100x80000000000000004019542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687a55be8e9073482021-12-22 12:44:25.443root 11241100x80000000000000004019543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27959202c4dccb2021-12-22 12:44:25.443root 11241100x80000000000000004019544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c761eada74f3622021-12-22 12:44:25.443root 11241100x80000000000000004019545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3048b95928d6cd552021-12-22 12:44:25.443root 11241100x80000000000000004019546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0d3f7d5d188de2021-12-22 12:44:25.443root 11241100x80000000000000004019547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00fa1d9eaa95ebf2021-12-22 12:44:25.443root 11241100x80000000000000004019548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dae6248023115252021-12-22 12:44:25.443root 11241100x80000000000000004019549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc280616eb1d2e32021-12-22 12:44:25.444root 11241100x80000000000000004019550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ba89bfee1cc67c2021-12-22 12:44:25.444root 11241100x80000000000000004019551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbec902126407c2021-12-22 12:44:25.943root 11241100x80000000000000004019552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab290240a8547af2021-12-22 12:44:25.943root 11241100x80000000000000004019553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d42d249ee4cb5e2021-12-22 12:44:25.943root 11241100x80000000000000004019554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add55c081f25ca432021-12-22 12:44:25.943root 11241100x80000000000000004019555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12cd7abd49adc42021-12-22 12:44:25.944root 11241100x80000000000000004019556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a49e6c4e0a8890b2021-12-22 12:44:25.944root 11241100x80000000000000004019557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47778134897759f2021-12-22 12:44:25.944root 11241100x80000000000000004019558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1930096593a4ee12021-12-22 12:44:25.944root 11241100x80000000000000004019559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6fa34b4a054d72021-12-22 12:44:25.945root 11241100x80000000000000004019560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949573b01c71eb7b2021-12-22 12:44:25.945root 11241100x80000000000000004019561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd924d690afba52021-12-22 12:44:26.443root 11241100x80000000000000004019562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd9504e3aa1f9b2021-12-22 12:44:26.443root 11241100x80000000000000004019563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23210ed4d65535f42021-12-22 12:44:26.443root 11241100x80000000000000004019564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454b885ffd05ebf72021-12-22 12:44:26.443root 11241100x80000000000000004019565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96606d33669845072021-12-22 12:44:26.443root 11241100x80000000000000004019566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc0c5953b0b3252021-12-22 12:44:26.443root 11241100x80000000000000004019567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439905d08a6f32532021-12-22 12:44:26.443root 11241100x80000000000000004019568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bb34234132f9292021-12-22 12:44:26.444root 11241100x80000000000000004019569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42ec2c54e6f12e2021-12-22 12:44:26.444root 11241100x80000000000000004019570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c66c51ece89df2021-12-22 12:44:26.444root 11241100x80000000000000004019571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60299ceae5b92e432021-12-22 12:44:26.943root 11241100x80000000000000004019572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee05d0cdd1c13bc2021-12-22 12:44:26.943root 11241100x80000000000000004019573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017c2c9a9759c422021-12-22 12:44:26.943root 11241100x80000000000000004019574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e340e0ed70da1dd2021-12-22 12:44:26.943root 11241100x80000000000000004019575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925521d7c1bc96482021-12-22 12:44:26.943root 11241100x80000000000000004019576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe2cbf43ba8afb52021-12-22 12:44:26.943root 11241100x80000000000000004019577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceecb803a670b7ca2021-12-22 12:44:26.943root 11241100x80000000000000004019578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff030b8d62401512021-12-22 12:44:26.943root 11241100x80000000000000004019579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99c5b8bce341dd22021-12-22 12:44:26.944root 11241100x80000000000000004019580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e2d71da6e516e2021-12-22 12:44:26.944root 11241100x80000000000000004019581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89ed53f6c482a182021-12-22 12:44:27.443root 11241100x80000000000000004019582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caebfc15e3fb97362021-12-22 12:44:27.443root 11241100x80000000000000004019583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94b6d17a1be4bb52021-12-22 12:44:27.443root 11241100x80000000000000004019584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ea5fbd01a44f0b2021-12-22 12:44:27.443root 11241100x80000000000000004019585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27130df43c1473b92021-12-22 12:44:27.443root 11241100x80000000000000004019586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e13a4fc0febe952021-12-22 12:44:27.443root 11241100x80000000000000004019587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3968c24248edd22021-12-22 12:44:27.444root 11241100x80000000000000004019588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0064cc823e6892722021-12-22 12:44:27.444root 11241100x80000000000000004019589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0b47fcc5a81c92021-12-22 12:44:27.444root 11241100x80000000000000004019590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec2ccbcb411a7fd2021-12-22 12:44:27.444root 11241100x80000000000000004019591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155050b7402af6d62021-12-22 12:44:27.943root 11241100x80000000000000004019592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba72ab339fa29822021-12-22 12:44:27.943root 11241100x80000000000000004019593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137426801382a0492021-12-22 12:44:27.943root 11241100x80000000000000004019594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667b76b0048913fc2021-12-22 12:44:27.943root 11241100x80000000000000004019595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40b89ffe67c5c92021-12-22 12:44:27.943root 11241100x80000000000000004019596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310dd443978666e72021-12-22 12:44:27.944root 11241100x80000000000000004019597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35dd9bf923c6d742021-12-22 12:44:27.944root 11241100x80000000000000004019598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e41cd278415102021-12-22 12:44:27.944root 11241100x80000000000000004019599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1648adcc023d1ad42021-12-22 12:44:27.944root 11241100x80000000000000004019600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be9a85131fd15f2021-12-22 12:44:27.944root 354300x80000000000000004019601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56838-false10.0.1.12-8000- 154100x80000000000000004019602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.423{ec2b6afe-1dac-61c3-6854-e51f5f550000}22709/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004019603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.425{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fa9c3f423633d92021-12-22 12:44:28.425root 11241100x80000000000000004019604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5b3d62f9f922f12021-12-22 12:44:28.426root 11241100x80000000000000004019605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d23264b4fe8ee02021-12-22 12:44:28.426root 11241100x80000000000000004019606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb94291571ece2ec2021-12-22 12:44:28.426root 11241100x80000000000000004019607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba3c216f2bd83e2021-12-22 12:44:28.427root 11241100x80000000000000004019608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6caa159e70d452021-12-22 12:44:28.427root 11241100x80000000000000004019609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c032e8345fbde9d2021-12-22 12:44:28.427root 11241100x80000000000000004019610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633546a66cdbc0df2021-12-22 12:44:28.427root 11241100x80000000000000004019611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cc4b0ace440db2021-12-22 12:44:28.427root 11241100x80000000000000004019612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb8c6848310412b2021-12-22 12:44:28.427root 11241100x80000000000000004019613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2d5f7103d2a5ce2021-12-22 12:44:28.428root 11241100x80000000000000004019614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5374dbd0cadbec2021-12-22 12:44:28.428root 534500x80000000000000004019615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.436{ec2b6afe-1dac-61c3-6854-e51f5f550000}22709/bin/psroot 11241100x80000000000000004019616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d40219a08ffe0d2021-12-22 12:44:28.693root 11241100x80000000000000004019617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae138a0cea7e0e32021-12-22 12:44:28.693root 11241100x80000000000000004019618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb30aa365e0aad72021-12-22 12:44:28.693root 11241100x80000000000000004019619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848d7ba887fc2f42021-12-22 12:44:28.694root 11241100x80000000000000004019620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30371f6a7dacac12021-12-22 12:44:28.694root 11241100x80000000000000004019621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61693dbbcc3b1fc2021-12-22 12:44:28.694root 11241100x80000000000000004019622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3823361e1e3af9fb2021-12-22 12:44:28.694root 11241100x80000000000000004019623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a7c1ea5a173ddc2021-12-22 12:44:28.694root 11241100x80000000000000004019624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78db4d3a7ae3bcd2021-12-22 12:44:28.694root 11241100x80000000000000004019625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3219cf379a01c32021-12-22 12:44:28.694root 11241100x80000000000000004019626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cb703a774762c12021-12-22 12:44:28.695root 11241100x80000000000000004019627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbb0a84f315f4c2021-12-22 12:44:28.695root 11241100x80000000000000004019628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5414edfb2e8125d2021-12-22 12:44:28.695root 11241100x80000000000000004019629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db551cbe965fb3fa2021-12-22 12:44:29.193root 11241100x80000000000000004019630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ef8f00490e1ffe2021-12-22 12:44:29.193root 11241100x80000000000000004019631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c92124c9550bfd92021-12-22 12:44:29.193root 11241100x80000000000000004019632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e343687f26c1df2021-12-22 12:44:29.193root 11241100x80000000000000004019633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd57147651ecc3692021-12-22 12:44:29.193root 11241100x80000000000000004019634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee2afc0a246c542021-12-22 12:44:29.193root 11241100x80000000000000004019635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8afcdb79e27f612021-12-22 12:44:29.194root 11241100x80000000000000004019636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbb2d4444d0f402021-12-22 12:44:29.194root 11241100x80000000000000004019637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6894f9b9cf949d92021-12-22 12:44:29.194root 11241100x80000000000000004019638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37999f67467bb142021-12-22 12:44:29.194root 11241100x80000000000000004019639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c28a6be8ee8e82021-12-22 12:44:29.194root 11241100x80000000000000004019640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ce2c3c0cac4822021-12-22 12:44:29.194root 11241100x80000000000000004019641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e184aec4794f322021-12-22 12:44:29.194root 11241100x80000000000000004019642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7fc4f869e64ddb2021-12-22 12:44:29.693root 11241100x80000000000000004019643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31b081ac67bbec82021-12-22 12:44:29.693root 11241100x80000000000000004019644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f44aa41b1057672021-12-22 12:44:29.693root 11241100x80000000000000004019645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f70be089ed5dfc82021-12-22 12:44:29.693root 11241100x80000000000000004019646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6a150105e1caba2021-12-22 12:44:29.693root 11241100x80000000000000004019647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d51d6a010697f72021-12-22 12:44:29.693root 11241100x80000000000000004019648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7532a3498126eaa2021-12-22 12:44:29.694root 11241100x80000000000000004019649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9347433e527b72021-12-22 12:44:29.694root 11241100x80000000000000004019650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97180f06c7ddd862021-12-22 12:44:29.694root 11241100x80000000000000004019651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ace19ec2772dd2021-12-22 12:44:29.694root 11241100x80000000000000004019652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e29271a08dd9e2021-12-22 12:44:29.694root 11241100x80000000000000004019653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ec42c16267f142021-12-22 12:44:29.694root 11241100x80000000000000004019654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f380c4171c5522021-12-22 12:44:29.694root 11241100x80000000000000004019655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2574e0cf176759302021-12-22 12:44:30.193root 11241100x80000000000000004019656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe62c69ca9cc89a12021-12-22 12:44:30.193root 11241100x80000000000000004019657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ff65109b45ea12021-12-22 12:44:30.193root 11241100x80000000000000004019658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc72593565cf4da2021-12-22 12:44:30.193root 11241100x80000000000000004019659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1d5fed8809a9012021-12-22 12:44:30.193root 11241100x80000000000000004019660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52d870517bda442021-12-22 12:44:30.193root 11241100x80000000000000004019661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d2a847610a86a62021-12-22 12:44:30.193root 11241100x80000000000000004019662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff3fc465bbc5622021-12-22 12:44:30.193root 11241100x80000000000000004019663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd78aa0492589162021-12-22 12:44:30.194root 11241100x80000000000000004019664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4042a40f04350ea32021-12-22 12:44:30.194root 11241100x80000000000000004019665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1dcaa6c000e11a2021-12-22 12:44:30.194root 11241100x80000000000000004019666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a652c917afb4812021-12-22 12:44:30.194root 11241100x80000000000000004019667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a6ea1e0bec2752021-12-22 12:44:30.194root 11241100x80000000000000004019668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511797efc6007fa2021-12-22 12:44:30.693root 11241100x80000000000000004019669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee09904c6691172021-12-22 12:44:30.693root 11241100x80000000000000004019670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db289bceceeb0482021-12-22 12:44:30.693root 11241100x80000000000000004019671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c0a1b50be45fae2021-12-22 12:44:30.693root 11241100x80000000000000004019672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4700243bbd5502021-12-22 12:44:30.693root 11241100x80000000000000004019673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc86ac55d546746a2021-12-22 12:44:30.693root 11241100x80000000000000004019674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3b382626fad0032021-12-22 12:44:30.693root 11241100x80000000000000004019675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278608f1104f0fa82021-12-22 12:44:30.694root 11241100x80000000000000004019676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63dd0b8d3a351252021-12-22 12:44:30.694root 11241100x80000000000000004019677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08816d33b8228fad2021-12-22 12:44:30.694root 11241100x80000000000000004019678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b45e2a79d5fcb802021-12-22 12:44:30.694root 11241100x80000000000000004019679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f4aa6adc37ccf2021-12-22 12:44:30.694root 11241100x80000000000000004019680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cf7cc8062e6712021-12-22 12:44:30.694root 11241100x80000000000000004019681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e578b2b355f472021-12-22 12:44:31.193root 11241100x80000000000000004019682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f49d1f959dbb632021-12-22 12:44:31.193root 11241100x80000000000000004019683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b5fac8803ac17b2021-12-22 12:44:31.193root 11241100x80000000000000004019684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94940c6345ec58d2021-12-22 12:44:31.193root 11241100x80000000000000004019685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584984dbf5af3202021-12-22 12:44:31.193root 11241100x80000000000000004019686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207395d3fa7601a2021-12-22 12:44:31.193root 11241100x80000000000000004019687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53578720221bfc022021-12-22 12:44:31.193root 11241100x80000000000000004019688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf02dff59c102322021-12-22 12:44:31.194root 11241100x80000000000000004019689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d479362b880518e72021-12-22 12:44:31.194root 11241100x80000000000000004019690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebaaec58dc08d242021-12-22 12:44:31.194root 11241100x80000000000000004019691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cd07a16c31b5f12021-12-22 12:44:31.194root 11241100x80000000000000004019692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebb95eabd6554652021-12-22 12:44:31.194root 11241100x80000000000000004019693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f047ae99baf9862021-12-22 12:44:31.194root 11241100x80000000000000004019694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc041ec5ce7d0e62021-12-22 12:44:31.693root 11241100x80000000000000004019695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58fe290fa9be8a62021-12-22 12:44:31.693root 11241100x80000000000000004019696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a5dce535bdc052021-12-22 12:44:31.693root 11241100x80000000000000004019697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aed0be065eccf2021-12-22 12:44:31.693root 11241100x80000000000000004019698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57de3be79cfdd42021-12-22 12:44:31.693root 11241100x80000000000000004019699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03444559156ad072021-12-22 12:44:31.693root 11241100x80000000000000004019700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a2e70fbb8b7072021-12-22 12:44:31.693root 11241100x80000000000000004019701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06c9a6b863a9cad2021-12-22 12:44:31.694root 11241100x80000000000000004019702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f994645a20df77ae2021-12-22 12:44:31.694root 11241100x80000000000000004019703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2416884b72f9c4c2021-12-22 12:44:31.694root 11241100x80000000000000004019704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7db0d5097446fd12021-12-22 12:44:31.694root 11241100x80000000000000004019705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a79800f98139092021-12-22 12:44:31.694root 11241100x80000000000000004019706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40f906a81a94912021-12-22 12:44:31.694root 11241100x80000000000000004019707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb0b3a94683c58b2021-12-22 12:44:32.193root 11241100x80000000000000004019708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308afdb8a86416df2021-12-22 12:44:32.193root 11241100x80000000000000004019709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb1f2095325052b2021-12-22 12:44:32.193root 11241100x80000000000000004019710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b58dcccefc1d292021-12-22 12:44:32.193root 11241100x80000000000000004019711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46751c80a32a278d2021-12-22 12:44:32.193root 11241100x80000000000000004019712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0854b53fed30b722021-12-22 12:44:32.193root 11241100x80000000000000004019713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876361378b436992021-12-22 12:44:32.194root 11241100x80000000000000004019714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723dbb578b75dacf2021-12-22 12:44:32.194root 11241100x80000000000000004019715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4533cc47c6fad2982021-12-22 12:44:32.194root 11241100x80000000000000004019716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171f1854ad4dcef2021-12-22 12:44:32.194root 11241100x80000000000000004019717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d202ba3799ee86b22021-12-22 12:44:32.194root 11241100x80000000000000004019718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d96a8d19ab563f2021-12-22 12:44:32.194root 11241100x80000000000000004019719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de9f8f3272da702021-12-22 12:44:32.194root 11241100x80000000000000004019720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69017b470d03055e2021-12-22 12:44:32.693root 11241100x80000000000000004019721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834d45b013895722021-12-22 12:44:32.693root 11241100x80000000000000004019722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9206b44b3e0262872021-12-22 12:44:32.693root 11241100x80000000000000004019723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e941300689948f2021-12-22 12:44:32.693root 11241100x80000000000000004019724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a4eee4ae83a0f2021-12-22 12:44:32.693root 11241100x80000000000000004019725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e982aaafb63cd452021-12-22 12:44:32.694root 11241100x80000000000000004019726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06271cd781fefb722021-12-22 12:44:32.694root 11241100x80000000000000004019727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10a4e1010cc2a52021-12-22 12:44:32.694root 11241100x80000000000000004019728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcf5844cd9c53682021-12-22 12:44:32.695root 11241100x80000000000000004019729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3900ff24c9e2aa2021-12-22 12:44:32.695root 11241100x80000000000000004019730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f352d5dc76d5f762021-12-22 12:44:32.695root 11241100x80000000000000004019731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c9d237636174b2021-12-22 12:44:32.695root 11241100x80000000000000004019732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61e75cba506ba4c2021-12-22 12:44:32.696root 11241100x80000000000000004019733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:44:33.124root 11241100x80000000000000004019734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5bbbeb7a012bb62021-12-22 12:44:33.126root 11241100x80000000000000004019735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8310c992f6877c592021-12-22 12:44:33.126root 11241100x80000000000000004019736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771b9ee9e49b9092021-12-22 12:44:33.126root 11241100x80000000000000004019737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aa6e3afe9ece212021-12-22 12:44:33.126root 11241100x80000000000000004019738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260742738c0e0ac2021-12-22 12:44:33.126root 11241100x80000000000000004019739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ef4767c958ec272021-12-22 12:44:33.126root 11241100x80000000000000004019740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1c35245d98dd92021-12-22 12:44:33.126root 11241100x80000000000000004019741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73fad56ff1f7882021-12-22 12:44:33.126root 11241100x80000000000000004019742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9d9f70d0e1123a2021-12-22 12:44:33.126root 11241100x80000000000000004019743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7449dc3068aa12021-12-22 12:44:33.126root 11241100x80000000000000004019744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c85435147fa06c2021-12-22 12:44:33.127root 11241100x80000000000000004019745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c621e3363753a52021-12-22 12:44:33.127root 11241100x80000000000000004019746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97de165ebeba1682021-12-22 12:44:33.127root 11241100x80000000000000004019747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d3a9a16019ce132021-12-22 12:44:33.127root 11241100x80000000000000004019748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d8ae3948c542f62021-12-22 12:44:33.128root 11241100x80000000000000004019749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62b049914e74e412021-12-22 12:44:33.128root 11241100x80000000000000004019750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e995b19ba62f122021-12-22 12:44:33.128root 11241100x80000000000000004019751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d324f557631be862021-12-22 12:44:33.442root 11241100x80000000000000004019752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637bbc1506440c4f2021-12-22 12:44:33.443root 11241100x80000000000000004019753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0def67d78e81c202021-12-22 12:44:33.443root 11241100x80000000000000004019754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296618a54762e63c2021-12-22 12:44:33.443root 11241100x80000000000000004019755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792b56da8c5677a2021-12-22 12:44:33.443root 11241100x80000000000000004019756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58680ece22182ddc2021-12-22 12:44:33.443root 11241100x80000000000000004019757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52b02ae4f9b8abb2021-12-22 12:44:33.443root 11241100x80000000000000004019758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5571d21236dff22021-12-22 12:44:33.444root 11241100x80000000000000004019759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911307c0fd904a742021-12-22 12:44:33.444root 11241100x80000000000000004019760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f101c78bb26f22021-12-22 12:44:33.444root 11241100x80000000000000004019761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba1d32e167212f2021-12-22 12:44:33.444root 11241100x80000000000000004019762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978c8bb1934c0e02021-12-22 12:44:33.444root 11241100x80000000000000004019763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23beecf00e67f7092021-12-22 12:44:33.444root 11241100x80000000000000004019764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de209c849f73de222021-12-22 12:44:33.444root 11241100x80000000000000004019765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce09b6ca233fade32021-12-22 12:44:33.943root 11241100x80000000000000004019766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52baa004cb302762021-12-22 12:44:33.943root 11241100x80000000000000004019767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea93c90c4f377802021-12-22 12:44:33.943root 11241100x80000000000000004019768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd1c71e9a1bf632021-12-22 12:44:33.943root 11241100x80000000000000004019769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2850dae86c74582021-12-22 12:44:33.943root 11241100x80000000000000004019770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb379baa3768782021-12-22 12:44:33.944root 11241100x80000000000000004019771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd5934dd414d69a2021-12-22 12:44:33.944root 11241100x80000000000000004019772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb64cbeee6f27d82021-12-22 12:44:33.944root 11241100x80000000000000004019773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b8e5bdd5cd0bf12021-12-22 12:44:33.944root 11241100x80000000000000004019774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89cf3978d1c7eaf2021-12-22 12:44:33.944root 11241100x80000000000000004019775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a646c5261250b622021-12-22 12:44:33.944root 11241100x80000000000000004019776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a77c009e9548402021-12-22 12:44:33.944root 11241100x80000000000000004019777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685dfd92c4c03cc2021-12-22 12:44:33.944root 11241100x80000000000000004019778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3b8acef2b6a2cf2021-12-22 12:44:33.944root 354300x80000000000000004019779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.052{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56840-false10.0.1.12-8000- 354300x80000000000000004019780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.299{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43906-false10.0.1.12-8089- 11241100x80000000000000004019781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7767f241a7c2382021-12-22 12:44:34.300root 11241100x80000000000000004019782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af57028762262b952021-12-22 12:44:34.300root 11241100x80000000000000004019783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b1725160ca9ce2021-12-22 12:44:34.300root 11241100x80000000000000004019784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca2152a46e8162c2021-12-22 12:44:34.300root 11241100x80000000000000004019785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb722ab03da79d72021-12-22 12:44:34.301root 11241100x80000000000000004019786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d8ecba532865b2021-12-22 12:44:34.301root 11241100x80000000000000004019787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e049397d24e2e2021-12-22 12:44:34.301root 11241100x80000000000000004019788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b9466cac871332021-12-22 12:44:34.301root 11241100x80000000000000004019789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d6deab260b7e152021-12-22 12:44:34.301root 11241100x80000000000000004019790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f487fa1b0bf080d2021-12-22 12:44:34.301root 11241100x80000000000000004019791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa63b27a51009cc2021-12-22 12:44:34.301root 11241100x80000000000000004019792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64536bd51dd41fb2021-12-22 12:44:34.301root 11241100x80000000000000004019793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74967fad67e9ce7c2021-12-22 12:44:34.301root 11241100x80000000000000004019794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655cf09f6aacd362021-12-22 12:44:34.301root 11241100x80000000000000004019795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5157bcb7915e912021-12-22 12:44:34.301root 11241100x80000000000000004019796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d15a6431d968be2021-12-22 12:44:34.301root 11241100x80000000000000004019797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0360bcc151ae0d2021-12-22 12:44:34.693root 11241100x80000000000000004019798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a4e3ed69ed7bc32021-12-22 12:44:34.693root 11241100x80000000000000004019799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9834e28b86e947632021-12-22 12:44:34.693root 11241100x80000000000000004019800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff1214890ccbd32021-12-22 12:44:34.693root 11241100x80000000000000004019801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440a7940f835a0722021-12-22 12:44:34.693root 11241100x80000000000000004019802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e941059fc183112021-12-22 12:44:34.693root 11241100x80000000000000004019803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e43ebc1d5ba412021-12-22 12:44:34.693root 11241100x80000000000000004019804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4d29b5b6cdabe2021-12-22 12:44:34.694root 11241100x80000000000000004019805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d1b5f34b9d1852021-12-22 12:44:34.694root 11241100x80000000000000004019806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f44340fe72ed82021-12-22 12:44:34.694root 11241100x80000000000000004019807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb7d4fbe2da0012021-12-22 12:44:34.694root 11241100x80000000000000004019808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c467df2827bfe612021-12-22 12:44:34.694root 11241100x80000000000000004019809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09062b8596940eaa2021-12-22 12:44:34.694root 11241100x80000000000000004019810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068b2c2fb327fd52021-12-22 12:44:34.694root 11241100x80000000000000004019811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57a963d13373c52021-12-22 12:44:34.694root 11241100x80000000000000004019812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3977047a4b71e722021-12-22 12:44:34.694root 11241100x80000000000000004019813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a600e72f2213c2021-12-22 12:44:35.193root 11241100x80000000000000004019814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c44a4a087d2d92021-12-22 12:44:35.193root 11241100x80000000000000004019815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245e72b40fe2f072021-12-22 12:44:35.193root 11241100x80000000000000004019816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff0c04e8f1a6c52021-12-22 12:44:35.193root 11241100x80000000000000004019817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef2dcd1a9a9442d2021-12-22 12:44:35.194root 11241100x80000000000000004019818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a40875c132faec2021-12-22 12:44:35.194root 11241100x80000000000000004019819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be84b71fc8304c22021-12-22 12:44:35.194root 11241100x80000000000000004019820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9aa417a374f9b52021-12-22 12:44:35.194root 11241100x80000000000000004019821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0279c2da28afcdf62021-12-22 12:44:35.194root 11241100x80000000000000004019822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a764e5ef48bb9382021-12-22 12:44:35.194root 11241100x80000000000000004019823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214ff1b0db0dce22021-12-22 12:44:35.194root 11241100x80000000000000004019824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b4bbd2e06953e82021-12-22 12:44:35.194root 11241100x80000000000000004019825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f34a936b28f18a62021-12-22 12:44:35.195root 11241100x80000000000000004019826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79d65bd3557b3d82021-12-22 12:44:35.195root 11241100x80000000000000004019827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c109a0488d2222021-12-22 12:44:35.195root 11241100x80000000000000004019828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12f24f5a4312c82021-12-22 12:44:35.195root 11241100x80000000000000004019829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0acec6890ba33f2021-12-22 12:44:35.693root 11241100x80000000000000004019830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdeadf3fa97a1cf2021-12-22 12:44:35.693root 11241100x80000000000000004019831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf873eb65f7da1b2021-12-22 12:44:35.693root 11241100x80000000000000004019832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95516fadeca2fbca2021-12-22 12:44:35.693root 11241100x80000000000000004019833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428de31f772a7fa22021-12-22 12:44:35.694root 11241100x80000000000000004019834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64978bc07ca85c432021-12-22 12:44:35.694root 11241100x80000000000000004019835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a8d3104b0e736d2021-12-22 12:44:35.694root 11241100x80000000000000004019836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202646f8ad954cde2021-12-22 12:44:35.694root 11241100x80000000000000004019837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7439b387c8eee442021-12-22 12:44:35.694root 11241100x80000000000000004019838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51c97dc4adf8d62021-12-22 12:44:35.694root 11241100x80000000000000004019839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbf1be6481fe4092021-12-22 12:44:35.694root 11241100x80000000000000004019840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2073f9b1a67fa452021-12-22 12:44:35.694root 11241100x80000000000000004019841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db502c14936aa0362021-12-22 12:44:35.694root 11241100x80000000000000004019842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b325679b4c428592021-12-22 12:44:35.694root 11241100x80000000000000004019843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21adc3040e4b3f02021-12-22 12:44:35.694root 11241100x80000000000000004019844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d458b873dd3b06272021-12-22 12:44:35.694root 23542300x80000000000000004019845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004019846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f64422064b907e32021-12-22 12:44:36.126root 11241100x80000000000000004019847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84261deb798a301f2021-12-22 12:44:36.126root 11241100x80000000000000004019848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba1868f5e1ab282021-12-22 12:44:36.126root 11241100x80000000000000004019849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9124d31af69d012021-12-22 12:44:36.126root 11241100x80000000000000004019850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953378e448e8acbe2021-12-22 12:44:36.126root 11241100x80000000000000004019851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ff2ef2878254ee2021-12-22 12:44:36.127root 11241100x80000000000000004019852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7bb000435fa012021-12-22 12:44:36.127root 11241100x80000000000000004019853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abe38426b2b8dec2021-12-22 12:44:36.127root 11241100x80000000000000004019854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caefe323e6388872021-12-22 12:44:36.127root 11241100x80000000000000004019855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c035ca6c3c6012252021-12-22 12:44:36.127root 11241100x80000000000000004019856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd7fa5cd106e4472021-12-22 12:44:36.127root 11241100x80000000000000004019857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cec26aa5c4185772021-12-22 12:44:36.128root 11241100x80000000000000004019858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6f954d3d5eed502021-12-22 12:44:36.128root 11241100x80000000000000004019859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e424c466c79fff92021-12-22 12:44:36.128root 11241100x80000000000000004019860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3d9a096c4b72892021-12-22 12:44:36.128root 11241100x80000000000000004019861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b075f28cad4031e22021-12-22 12:44:36.128root 11241100x80000000000000004019862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a651c73cb6aadcea2021-12-22 12:44:36.128root 11241100x80000000000000004019863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412265ed14a4cfc42021-12-22 12:44:36.443root 11241100x80000000000000004019864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2638bfd589d4d4b2021-12-22 12:44:36.443root 11241100x80000000000000004019865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0523f450acc6dbd2021-12-22 12:44:36.443root 11241100x80000000000000004019866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b43d08d30c0b7cb2021-12-22 12:44:36.443root 11241100x80000000000000004019867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15a13d9ec28a462021-12-22 12:44:36.444root 11241100x80000000000000004019868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeecbe98ad9132e2021-12-22 12:44:36.444root 11241100x80000000000000004019869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ba088b7d0b7bf2021-12-22 12:44:36.444root 11241100x80000000000000004019870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698c42309b46fb82021-12-22 12:44:36.444root 11241100x80000000000000004019871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba6495133a42de2021-12-22 12:44:36.444root 11241100x80000000000000004019872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97cf759271a22aa2021-12-22 12:44:36.444root 11241100x80000000000000004019873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da671251fdf137a82021-12-22 12:44:36.444root 11241100x80000000000000004019874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84efd359ce16ff92021-12-22 12:44:36.444root 11241100x80000000000000004019875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d628c32803e15fe62021-12-22 12:44:36.444root 11241100x80000000000000004019876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72224cf76a7e412021-12-22 12:44:36.445root 11241100x80000000000000004019877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67df387280067172021-12-22 12:44:36.445root 11241100x80000000000000004019878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed41ed58d2e204e62021-12-22 12:44:36.445root 11241100x80000000000000004019879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fabf0d7168317f2021-12-22 12:44:36.445root 11241100x80000000000000004019880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a304e98c124d52021-12-22 12:44:36.943root 11241100x80000000000000004019881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8f34ae36530d782021-12-22 12:44:36.943root 11241100x80000000000000004019882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef026197fc57dfc2021-12-22 12:44:36.943root 11241100x80000000000000004019883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ad60e83d54c4112021-12-22 12:44:36.943root 11241100x80000000000000004019884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b703db8d8dc96dc2021-12-22 12:44:36.943root 11241100x80000000000000004019885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93be451a86b3ff62021-12-22 12:44:36.943root 11241100x80000000000000004019886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74104bb7f15b3912021-12-22 12:44:36.944root 11241100x80000000000000004019887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a9821faf1577b2021-12-22 12:44:36.944root 11241100x80000000000000004019888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb70ab71a1d92ec12021-12-22 12:44:36.944root 11241100x80000000000000004019889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac940498593da4a2021-12-22 12:44:36.944root 11241100x80000000000000004019890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c37b6621f817362021-12-22 12:44:36.944root 11241100x80000000000000004019891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ddedc1b8f246762021-12-22 12:44:36.944root 11241100x80000000000000004019892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d65d4f3c1ddf12021-12-22 12:44:36.944root 11241100x80000000000000004019893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c98cbe85286202c2021-12-22 12:44:36.944root 11241100x80000000000000004019894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e297bc17b2a80d92021-12-22 12:44:36.944root 11241100x80000000000000004019895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63c667fe1db02e62021-12-22 12:44:36.944root 11241100x80000000000000004019896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e125fc6b95c1cfb2021-12-22 12:44:36.944root 11241100x80000000000000004019897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa36231076ee8962021-12-22 12:44:37.443root 11241100x80000000000000004019898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2cfd4027a42082021-12-22 12:44:37.443root 11241100x80000000000000004019899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc33e7a64521a02021-12-22 12:44:37.443root 11241100x80000000000000004019900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc54f2ea04ba9ea2021-12-22 12:44:37.443root 11241100x80000000000000004019901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa000eb8cb110a6e2021-12-22 12:44:37.443root 11241100x80000000000000004019902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f058bccf8915ce632021-12-22 12:44:37.443root 11241100x80000000000000004019903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6ea440b00819b62021-12-22 12:44:37.444root 11241100x80000000000000004019904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a97f7aded83ded2021-12-22 12:44:37.444root 11241100x80000000000000004019905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bf217c5a2b49422021-12-22 12:44:37.444root 11241100x80000000000000004019906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33401e20818cb3cd2021-12-22 12:44:37.444root 11241100x80000000000000004019907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb776f08024e63a2021-12-22 12:44:37.444root 11241100x80000000000000004019908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7e732ee9e62762021-12-22 12:44:37.444root 11241100x80000000000000004019909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b19fa97433e33a2021-12-22 12:44:37.444root 11241100x80000000000000004019910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936bc3cdfcc14a912021-12-22 12:44:37.444root 11241100x80000000000000004019911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecad695cafc69472021-12-22 12:44:37.444root 11241100x80000000000000004019912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2b09ec64de92c2021-12-22 12:44:37.444root 11241100x80000000000000004019913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dadcaa72fa3b5f2021-12-22 12:44:37.444root 154100x80000000000000004019914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.845{ec2b6afe-1db5-61c3-50ad-2f743e560000}22710/bin/kmod-----modprobe ./rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004019915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.846{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed35261739d5299b2021-12-22 12:44:37.846root 534500x80000000000000004019916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.846{ec2b6afe-1db5-61c3-50ad-2f743e560000}22710/bin/kmodubuntu 11241100x80000000000000004019917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089cf9f1c31d3102021-12-22 12:44:37.847root 11241100x80000000000000004019918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae805d7c8b9b3c722021-12-22 12:44:37.847root 11241100x80000000000000004019919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb73b789fafaa172021-12-22 12:44:37.847root 11241100x80000000000000004019920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b45225476af012021-12-22 12:44:37.847root 11241100x80000000000000004019921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0703a6a389259512021-12-22 12:44:37.848root 11241100x80000000000000004019922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712c855c84e349252021-12-22 12:44:37.848root 11241100x80000000000000004019923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b003fa8f6515cf72021-12-22 12:44:37.848root 11241100x80000000000000004019924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b0a15279bd58f62021-12-22 12:44:37.848root 11241100x80000000000000004019925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da076ece6ecb62f2021-12-22 12:44:37.848root 11241100x80000000000000004019926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b5f2fb1241d432021-12-22 12:44:37.848root 11241100x80000000000000004019927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ed9307b5083e212021-12-22 12:44:37.848root 11241100x80000000000000004019928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1b48bd27dbfa92021-12-22 12:44:37.848root 11241100x80000000000000004019929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe8ed4259388aeb2021-12-22 12:44:37.848root 11241100x80000000000000004019930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f805a899fedba1d2021-12-22 12:44:37.849root 11241100x80000000000000004019931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afbc1c38ea5bf72021-12-22 12:44:37.849root 11241100x80000000000000004019932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72ae8e1927657d2021-12-22 12:44:37.849root 11241100x80000000000000004019933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781951619292847b2021-12-22 12:44:37.849root 11241100x80000000000000004019934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9adfa2fd1e06e2021-12-22 12:44:37.849root 11241100x80000000000000004019935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9744a227135fea0e2021-12-22 12:44:37.849root 11241100x80000000000000004019936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45009957efb9b952021-12-22 12:44:37.849root 11241100x80000000000000004019937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a29046a1afb2ee2021-12-22 12:44:37.849root 11241100x80000000000000004019938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4375dffc1244b42021-12-22 12:44:37.849root 11241100x80000000000000004019939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e95bb286f126a32021-12-22 12:44:38.193root 11241100x80000000000000004019940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb52ec35477ccde2021-12-22 12:44:38.193root 11241100x80000000000000004019941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63ec9420e6ffb3a2021-12-22 12:44:38.193root 11241100x80000000000000004019942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec6a0336d89acc2021-12-22 12:44:38.193root 11241100x80000000000000004019943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef72418c738c7a02021-12-22 12:44:38.193root 11241100x80000000000000004019944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b630da29968005362021-12-22 12:44:38.193root 11241100x80000000000000004019945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd2cdf2eb9e90d82021-12-22 12:44:38.194root 11241100x80000000000000004019946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804da545ef49aff32021-12-22 12:44:38.194root 11241100x80000000000000004019947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2d4fe0d7f515492021-12-22 12:44:38.194root 11241100x80000000000000004019948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef206149b8cc257f2021-12-22 12:44:38.194root 11241100x80000000000000004019949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616cfa2b272c56622021-12-22 12:44:38.194root 11241100x80000000000000004019950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d63823901910cb2021-12-22 12:44:38.195root 11241100x80000000000000004019951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108408c8956b9a342021-12-22 12:44:38.195root 11241100x80000000000000004019952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9a89555cc80b92021-12-22 12:44:38.195root 11241100x80000000000000004019953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f39a7209471932021-12-22 12:44:38.195root 11241100x80000000000000004019954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff255b537940cc3e2021-12-22 12:44:38.195root 11241100x80000000000000004019955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515954937677c5ef2021-12-22 12:44:38.195root 11241100x80000000000000004019956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a152a61d85c62d542021-12-22 12:44:38.195root 11241100x80000000000000004019957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d4d21f9f15cdc62021-12-22 12:44:38.195root 11241100x80000000000000004019958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84930a524a8675002021-12-22 12:44:38.692root 11241100x80000000000000004019959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f5f2b6444975b2021-12-22 12:44:38.693root 11241100x80000000000000004019960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112d07b636f401242021-12-22 12:44:38.693root 11241100x80000000000000004019961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfffbe56d65c37cb2021-12-22 12:44:38.693root 11241100x80000000000000004019962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cd5efa1b72fc02021-12-22 12:44:38.693root 11241100x80000000000000004019963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c7f52710e0b902021-12-22 12:44:38.693root 11241100x80000000000000004019964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac677270e7605b6f2021-12-22 12:44:38.694root 11241100x80000000000000004019965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e01dd3272072322021-12-22 12:44:38.694root 11241100x80000000000000004019966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504af49b24a97b2c2021-12-22 12:44:38.694root 11241100x80000000000000004019967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf9530f359bbf62021-12-22 12:44:38.694root 11241100x80000000000000004019968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0012c954921983f82021-12-22 12:44:38.694root 11241100x80000000000000004019969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4163a167615f2d1a2021-12-22 12:44:38.694root 11241100x80000000000000004019970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77001048542d8ff72021-12-22 12:44:38.695root 11241100x80000000000000004019971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd612c0d7d9fb192021-12-22 12:44:38.695root 11241100x80000000000000004019972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7b6dc451fce2822021-12-22 12:44:38.695root 11241100x80000000000000004019973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28254225b815cd02021-12-22 12:44:38.695root 11241100x80000000000000004019974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb344333c900ce32021-12-22 12:44:38.695root 11241100x80000000000000004019975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2deb773d82ebd9e2021-12-22 12:44:38.695root 11241100x80000000000000004019976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013ac8d716740e122021-12-22 12:44:38.695root 354300x80000000000000004019977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.151{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56844-false10.0.1.12-8000- 11241100x80000000000000004019978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fa542bf481cddf2021-12-22 12:44:39.151root 11241100x80000000000000004019979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6aba9081613f02021-12-22 12:44:39.152root 11241100x80000000000000004019980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963ad115d15779be2021-12-22 12:44:39.152root 11241100x80000000000000004019981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa17e572dd61d362021-12-22 12:44:39.152root 11241100x80000000000000004019982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a369a99c910046d2021-12-22 12:44:39.152root 11241100x80000000000000004019983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4805b02132d93e3a2021-12-22 12:44:39.152root 11241100x80000000000000004019984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25edab75474cfe782021-12-22 12:44:39.152root 11241100x80000000000000004019985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3cc23011c4a44e2021-12-22 12:44:39.153root 11241100x80000000000000004019986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bec54086cf5f752021-12-22 12:44:39.153root 11241100x80000000000000004019987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5540ddff793a50712021-12-22 12:44:39.153root 11241100x80000000000000004019988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc8b2377e356762021-12-22 12:44:39.153root 11241100x80000000000000004019989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ddb748ca7663662021-12-22 12:44:39.153root 11241100x80000000000000004019990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfefa33447880d22021-12-22 12:44:39.153root 11241100x80000000000000004019991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6dc1a5e36643002021-12-22 12:44:39.153root 11241100x80000000000000004019992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bc00ba1c75cb072021-12-22 12:44:39.154root 11241100x80000000000000004019993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0873213dcd97eb2021-12-22 12:44:39.154root 11241100x80000000000000004019994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0478fe1f58fffe2021-12-22 12:44:39.154root 11241100x80000000000000004019995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86ca10543e08ed2021-12-22 12:44:39.154root 11241100x80000000000000004019996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2066b8a0760829b2021-12-22 12:44:39.154root 11241100x80000000000000004019997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba6160fc82245572021-12-22 12:44:39.154root 11241100x80000000000000004019998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e817aa898111b892021-12-22 12:44:39.155root 11241100x80000000000000004019999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea249461142ace4f2021-12-22 12:44:39.155root 11241100x80000000000000004020000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20add177502cc2a2021-12-22 12:44:39.155root 11241100x80000000000000004020001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc973e9406e4a152021-12-22 12:44:39.155root 11241100x80000000000000004020002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a6dc22c3e9d282021-12-22 12:44:39.155root 11241100x80000000000000004020003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d41014f950160f2021-12-22 12:44:39.443root 11241100x80000000000000004020004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c4dd53a75c21812021-12-22 12:44:39.443root 11241100x80000000000000004020005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e4d797aba347e2021-12-22 12:44:39.443root 11241100x80000000000000004020006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3425545bd86228762021-12-22 12:44:39.443root 11241100x80000000000000004020007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b71016b7e9d912021-12-22 12:44:39.444root 11241100x80000000000000004020008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606812876cf57972021-12-22 12:44:39.444root 11241100x80000000000000004020009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8341027ba124cf782021-12-22 12:44:39.444root 11241100x80000000000000004020010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8cba7a8b18bd22021-12-22 12:44:39.444root 11241100x80000000000000004020011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e6a466eac9efae2021-12-22 12:44:39.444root 11241100x80000000000000004020012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c96e96a86a00a0b2021-12-22 12:44:39.444root 11241100x80000000000000004020013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8f61d8cc2350062021-12-22 12:44:39.444root 11241100x80000000000000004020014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0682b4fb1f0fb462021-12-22 12:44:39.444root 11241100x80000000000000004020015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9518edb92cc4c802021-12-22 12:44:39.444root 11241100x80000000000000004020016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f3a8e355e3c48f2021-12-22 12:44:39.444root 11241100x80000000000000004020017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a978aa907fdad92021-12-22 12:44:39.445root 11241100x80000000000000004020018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86531dae4b2bc6482021-12-22 12:44:39.445root 11241100x80000000000000004020019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee0eef03650bfb72021-12-22 12:44:39.445root 11241100x80000000000000004020020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f850d6dba8001782021-12-22 12:44:39.445root 11241100x80000000000000004020021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6051786f07164d2021-12-22 12:44:39.445root 11241100x80000000000000004020022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888775b2b5be7d82021-12-22 12:44:39.445root 11241100x80000000000000004020023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23756c66328aa57c2021-12-22 12:44:39.943root 11241100x80000000000000004020024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08221b6a91288bdd2021-12-22 12:44:39.943root 11241100x80000000000000004020025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b26f7a2821c93cb2021-12-22 12:44:39.943root 11241100x80000000000000004020026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec10c646287449c72021-12-22 12:44:39.943root 11241100x80000000000000004020027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d58b68f844314cb2021-12-22 12:44:39.943root 11241100x80000000000000004020028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc032add926a32382021-12-22 12:44:39.944root 11241100x80000000000000004020029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d8e5d9a6d423c2021-12-22 12:44:39.944root 11241100x80000000000000004020030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88fcef00406bed92021-12-22 12:44:39.944root 11241100x80000000000000004020031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4439f698a701fab82021-12-22 12:44:39.944root 11241100x80000000000000004020032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7350f41cb9a9d7b82021-12-22 12:44:39.944root 11241100x80000000000000004020033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9d7bcad893ea02021-12-22 12:44:39.944root 11241100x80000000000000004020034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46563dc26ae3ce2021-12-22 12:44:39.944root 11241100x80000000000000004020035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ad0930cf522732021-12-22 12:44:39.944root 11241100x80000000000000004020036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde5a6a2349ab39c2021-12-22 12:44:39.944root 11241100x80000000000000004020037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30d47278b8645a2021-12-22 12:44:39.944root 11241100x80000000000000004020038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6442be361ef242021-12-22 12:44:39.945root 11241100x80000000000000004020039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b7ddbc5c7190b2021-12-22 12:44:39.945root 11241100x80000000000000004020040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb5b13e91e502c92021-12-22 12:44:39.945root 11241100x80000000000000004020041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e51c039f53e782021-12-22 12:44:39.945root 11241100x80000000000000004020042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8a98d95cb77d8e2021-12-22 12:44:39.945root 11241100x80000000000000004020043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d119e9ec3626c2021-12-22 12:44:40.443root 11241100x80000000000000004020044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86468661821c04e02021-12-22 12:44:40.443root 11241100x80000000000000004020045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdec218c02880f082021-12-22 12:44:40.444root 11241100x80000000000000004020046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5700f5af99492e2021-12-22 12:44:40.444root 11241100x80000000000000004020047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dfa36f935306a2021-12-22 12:44:40.444root 11241100x80000000000000004020048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485e9569b002b902021-12-22 12:44:40.444root 11241100x80000000000000004020049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0c2128d94c5c9f2021-12-22 12:44:40.444root 11241100x80000000000000004020050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f00e3132082a1db2021-12-22 12:44:40.444root 11241100x80000000000000004020051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d189bf32665da1572021-12-22 12:44:40.444root 11241100x80000000000000004020052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27872673ac6a4ee92021-12-22 12:44:40.444root 11241100x80000000000000004020053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289c0bad674646032021-12-22 12:44:40.444root 11241100x80000000000000004020054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed994c75f7fa97e2021-12-22 12:44:40.445root 11241100x80000000000000004020055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88679fa54bf9e66c2021-12-22 12:44:40.445root 11241100x80000000000000004020056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adf5bb63866f1882021-12-22 12:44:40.445root 11241100x80000000000000004020057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b5bdf4ea639aad2021-12-22 12:44:40.445root 11241100x80000000000000004020058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d3b2b2b333fbfc2021-12-22 12:44:40.445root 11241100x80000000000000004020059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8d62cfff92df582021-12-22 12:44:40.445root 11241100x80000000000000004020060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42916a8387e53a712021-12-22 12:44:40.445root 11241100x80000000000000004020061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4403db6b6965de2021-12-22 12:44:40.445root 11241100x80000000000000004020062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293838e5e1aaf3c2021-12-22 12:44:40.445root 11241100x80000000000000004020063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5af5440eaeac4e2021-12-22 12:44:40.943root 11241100x80000000000000004020064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9ae2311eb9b4812021-12-22 12:44:40.943root 11241100x80000000000000004020065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f8334a32a58fc2021-12-22 12:44:40.943root 11241100x80000000000000004020066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc05dd827ce70e2021-12-22 12:44:40.943root 11241100x80000000000000004020067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e899b91e0dd3492021-12-22 12:44:40.943root 11241100x80000000000000004020068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b293f658bc5d9e2021-12-22 12:44:40.944root 11241100x80000000000000004020069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b470b6c3d6322a2021-12-22 12:44:40.944root 11241100x80000000000000004020070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409d769fa554055e2021-12-22 12:44:40.944root 11241100x80000000000000004020071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62da0e8271883b772021-12-22 12:44:40.944root 11241100x80000000000000004020072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1bd147ae9c660e2021-12-22 12:44:40.944root 11241100x80000000000000004020073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d2cfca39a9e0512021-12-22 12:44:40.944root 11241100x80000000000000004020074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e63f9d087953a2021-12-22 12:44:40.944root 11241100x80000000000000004020075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4109706bf18b7f2021-12-22 12:44:40.944root 11241100x80000000000000004020076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134f3114fc342c042021-12-22 12:44:40.945root 11241100x80000000000000004020077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f687c263142a48912021-12-22 12:44:40.945root 11241100x80000000000000004020078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b8d309fd29c932021-12-22 12:44:40.945root 11241100x80000000000000004020079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836c1bc9df5389722021-12-22 12:44:40.945root 11241100x80000000000000004020080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ae2b21f7456f92021-12-22 12:44:40.945root 11241100x80000000000000004020081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4059152263f31e2021-12-22 12:44:40.945root 11241100x80000000000000004020082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc8da19f9547a522021-12-22 12:44:40.946root 11241100x80000000000000004020083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409bf49b317d676c2021-12-22 12:44:41.443root 11241100x80000000000000004020084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91d6631ab7bc732021-12-22 12:44:41.443root 11241100x80000000000000004020085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc2df818e4cc8e52021-12-22 12:44:41.443root 11241100x80000000000000004020086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d223e4f4086602021-12-22 12:44:41.443root 11241100x80000000000000004020087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7cdbfaa52546e2021-12-22 12:44:41.443root 11241100x80000000000000004020088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf62d25c47516e2021-12-22 12:44:41.444root 11241100x80000000000000004020089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61c0afff7c7d0a2021-12-22 12:44:41.444root 11241100x80000000000000004020090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42718353f2af9d2021-12-22 12:44:41.444root 11241100x80000000000000004020091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e2945951df2422021-12-22 12:44:41.444root 11241100x80000000000000004020092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab17b6d3b84b4cd2021-12-22 12:44:41.444root 11241100x80000000000000004020093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc88f54cb917fb12021-12-22 12:44:41.444root 11241100x80000000000000004020094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421935a57ef7db32021-12-22 12:44:41.444root 11241100x80000000000000004020095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17656a5d57b6f80a2021-12-22 12:44:41.444root 11241100x80000000000000004020096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba80fd5ae22da82021-12-22 12:44:41.444root 11241100x80000000000000004020097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d0fcf88ab6cab12021-12-22 12:44:41.444root 11241100x80000000000000004020098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f9577b0d877192021-12-22 12:44:41.444root 11241100x80000000000000004020099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b56e111855df042021-12-22 12:44:41.444root 11241100x80000000000000004020100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9fd46a32394bbc2021-12-22 12:44:41.444root 11241100x80000000000000004020101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b936b2f507b5adaa2021-12-22 12:44:41.444root 11241100x80000000000000004020102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4c010d90f7e9a2021-12-22 12:44:41.444root 154100x80000000000000004020103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.495{ec2b6afe-1db9-61c3-507d-73690c560000}22711/bin/kmod-----lsmod/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.499{ec2b6afe-1db9-61c3-507d-73690c560000}22711/bin/kmodubuntu 11241100x80000000000000004020105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f1d0c7350b1092021-12-22 12:44:41.943root 11241100x80000000000000004020106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa12df970636122021-12-22 12:44:41.943root 11241100x80000000000000004020107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e6c051bf968522021-12-22 12:44:41.943root 11241100x80000000000000004020108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aefe49454dd5512021-12-22 12:44:41.943root 11241100x80000000000000004020109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaa4c8772359ced2021-12-22 12:44:41.943root 11241100x80000000000000004020110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d57a3f2ecbd32a2021-12-22 12:44:41.944root 11241100x80000000000000004020111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c7b8b4f609b602021-12-22 12:44:41.944root 11241100x80000000000000004020112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915ec79726efe8222021-12-22 12:44:41.944root 11241100x80000000000000004020113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba10383bcabc98e2021-12-22 12:44:41.944root 11241100x80000000000000004020114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af65f61ece06b02021-12-22 12:44:41.944root 11241100x80000000000000004020115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961a780c9c03ef152021-12-22 12:44:41.944root 11241100x80000000000000004020116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862759ac9a545eb72021-12-22 12:44:41.945root 11241100x80000000000000004020117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7063f0518762af2021-12-22 12:44:41.945root 11241100x80000000000000004020118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e05bd222adbe82021-12-22 12:44:41.945root 11241100x80000000000000004020119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da93b789e6813362021-12-22 12:44:41.945root 11241100x80000000000000004020120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566fe84eeed2b9962021-12-22 12:44:41.945root 11241100x80000000000000004020121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e8685e6708fcf2021-12-22 12:44:41.945root 11241100x80000000000000004020122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a0a70e0c976aa42021-12-22 12:44:41.946root 11241100x80000000000000004020123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4dd3cba71bfe92021-12-22 12:44:41.946root 11241100x80000000000000004020124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3886068f7d1f122021-12-22 12:44:41.946root 11241100x80000000000000004020125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b376d8d7e74e768f2021-12-22 12:44:41.946root 11241100x80000000000000004020126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f0f259b5c783cc2021-12-22 12:44:41.946root 11241100x80000000000000004020127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94205433de18f3292021-12-22 12:44:41.946root 11241100x80000000000000004020128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6532d515f8f4af642021-12-22 12:44:41.946root 11241100x80000000000000004020129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e966fac3d0d60ac82021-12-22 12:44:42.443root 11241100x80000000000000004020130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dc6d6e6eef355c2021-12-22 12:44:42.443root 11241100x80000000000000004020131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49803462af719a402021-12-22 12:44:42.443root 11241100x80000000000000004020132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9977ee2858195f42021-12-22 12:44:42.444root 11241100x80000000000000004020133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da96b605e9472d3f2021-12-22 12:44:42.444root 11241100x80000000000000004020134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590bdeb39fc0d0c02021-12-22 12:44:42.444root 11241100x80000000000000004020135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a0cf1cf6c9d382021-12-22 12:44:42.444root 11241100x80000000000000004020136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f09a4b8c208934f2021-12-22 12:44:42.444root 11241100x80000000000000004020137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca1091b2434b41c2021-12-22 12:44:42.444root 11241100x80000000000000004020138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18090a4697bc0d2021-12-22 12:44:42.444root 11241100x80000000000000004020139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386b56edde0662c42021-12-22 12:44:42.444root 11241100x80000000000000004020140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945c48fb4536a882021-12-22 12:44:42.444root 11241100x80000000000000004020141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a491c43039ad59ad2021-12-22 12:44:42.444root 11241100x80000000000000004020142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b475d4ce6fa952021-12-22 12:44:42.445root 11241100x80000000000000004020143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1697483a04b722021-12-22 12:44:42.445root 11241100x80000000000000004020144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bd570ce1e4cde42021-12-22 12:44:42.445root 11241100x80000000000000004020145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10029d93c366b002021-12-22 12:44:42.445root 11241100x80000000000000004020146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4978cc2341ece302021-12-22 12:44:42.445root 11241100x80000000000000004020147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1632a52afc24ce2021-12-22 12:44:42.445root 11241100x80000000000000004020148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e622f732e494bb12021-12-22 12:44:42.445root 11241100x80000000000000004020149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7174e338ae4b4a2021-12-22 12:44:42.445root 11241100x80000000000000004020150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c79b80e081f97b2021-12-22 12:44:42.445root 11241100x80000000000000004020151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaa2e691ca47ed72021-12-22 12:44:42.943root 11241100x80000000000000004020152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff38f76d4404c0f2021-12-22 12:44:42.943root 11241100x80000000000000004020153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3af9b5212a83b2021-12-22 12:44:42.943root 11241100x80000000000000004020154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbabb0ad84267d12021-12-22 12:44:42.943root 11241100x80000000000000004020155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068979b3bbd0c1b52021-12-22 12:44:42.944root 11241100x80000000000000004020156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e3179fb41cdfb2021-12-22 12:44:42.944root 11241100x80000000000000004020157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66720e1cbae6771b2021-12-22 12:44:42.944root 11241100x80000000000000004020158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9153c5a9487c51d2021-12-22 12:44:42.944root 11241100x80000000000000004020159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918d5187cb6dcbb42021-12-22 12:44:42.944root 11241100x80000000000000004020160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c2a12a7490009d2021-12-22 12:44:42.944root 11241100x80000000000000004020161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07fbdb85bb6ef982021-12-22 12:44:42.944root 11241100x80000000000000004020162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aa30c24cbf443e2021-12-22 12:44:42.944root 11241100x80000000000000004020163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de886aedbef0fb62021-12-22 12:44:42.944root 11241100x80000000000000004020164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d72c5b51d5c4d82021-12-22 12:44:42.944root 11241100x80000000000000004020165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289492fb758808a42021-12-22 12:44:42.945root 11241100x80000000000000004020166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c97b2f6c05c42ee2021-12-22 12:44:42.945root 11241100x80000000000000004020167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9193bd0e79e942021-12-22 12:44:42.945root 11241100x80000000000000004020168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae2cd40592cb742021-12-22 12:44:42.945root 11241100x80000000000000004020169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d44531b8fdb6c2021-12-22 12:44:42.945root 11241100x80000000000000004020170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a98e4bb50f9112021-12-22 12:44:42.945root 11241100x80000000000000004020171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe600b5b6d7074b2021-12-22 12:44:42.946root 11241100x80000000000000004020172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee9d6907ddf4fb32021-12-22 12:44:42.946root 11241100x80000000000000004020173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb509781a4b826b02021-12-22 12:44:43.443root 11241100x80000000000000004020174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48d261a57448a972021-12-22 12:44:43.443root 11241100x80000000000000004020175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c85660160976b72021-12-22 12:44:43.443root 11241100x80000000000000004020176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42abda0e55f0622021-12-22 12:44:43.443root 11241100x80000000000000004020177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e083c9913057552021-12-22 12:44:43.443root 11241100x80000000000000004020178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ca666faea6c3722021-12-22 12:44:43.444root 11241100x80000000000000004020179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf1c826de69c00c2021-12-22 12:44:43.444root 11241100x80000000000000004020180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffdb71d534cc5222021-12-22 12:44:43.444root 11241100x80000000000000004020181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4add73d7d1549ba2021-12-22 12:44:43.444root 11241100x80000000000000004020182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662b6b70a72b6a392021-12-22 12:44:43.445root 11241100x80000000000000004020183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60900d686347e3e52021-12-22 12:44:43.445root 11241100x80000000000000004020184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf00bb18011a9e92021-12-22 12:44:43.445root 11241100x80000000000000004020185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490afca4aba04992021-12-22 12:44:43.445root 11241100x80000000000000004020186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f857c56d1030c2021-12-22 12:44:43.445root 11241100x80000000000000004020187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6708e499ac1803d2021-12-22 12:44:43.445root 11241100x80000000000000004020188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba92e6fb870b7412021-12-22 12:44:43.446root 11241100x80000000000000004020189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5754b417df7a91af2021-12-22 12:44:43.446root 11241100x80000000000000004020190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5536cc85db6309602021-12-22 12:44:43.446root 11241100x80000000000000004020191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f8ba019bdb4d472021-12-22 12:44:43.446root 11241100x80000000000000004020192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cb05e998f397882021-12-22 12:44:43.446root 11241100x80000000000000004020193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c48dd87c543a5e02021-12-22 12:44:43.446root 11241100x80000000000000004020194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764699c271225ff42021-12-22 12:44:43.446root 11241100x80000000000000004020195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8d57f6a9330a32021-12-22 12:44:43.447root 11241100x80000000000000004020196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c1813faf855f62021-12-22 12:44:43.447root 11241100x80000000000000004020197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0255ad9824861542021-12-22 12:44:43.943root 11241100x80000000000000004020198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcad6df9e6caa69c2021-12-22 12:44:43.943root 11241100x80000000000000004020199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f67ae90153c8c0f2021-12-22 12:44:43.943root 11241100x80000000000000004020200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb188c3623741ac62021-12-22 12:44:43.943root 11241100x80000000000000004020201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb6db851bf3551b2021-12-22 12:44:43.943root 11241100x80000000000000004020202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f882ba3760d796e2021-12-22 12:44:43.944root 11241100x80000000000000004020203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435a38bb7dffb662021-12-22 12:44:43.944root 11241100x80000000000000004020204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d0462789a0223a2021-12-22 12:44:43.944root 11241100x80000000000000004020205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc2e8a1780839272021-12-22 12:44:43.944root 11241100x80000000000000004020206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d9e5d8247f65d2021-12-22 12:44:43.944root 11241100x80000000000000004020207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500e36926679afa2021-12-22 12:44:43.944root 11241100x80000000000000004020208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6817fdd6abbaa2021-12-22 12:44:43.944root 11241100x80000000000000004020209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33eee3e5d69ed2e2021-12-22 12:44:43.945root 11241100x80000000000000004020210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ad1b5430c3f6a42021-12-22 12:44:43.945root 11241100x80000000000000004020211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf1ca19582de8b2021-12-22 12:44:43.945root 11241100x80000000000000004020212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca662fcaa54fec12021-12-22 12:44:43.945root 11241100x80000000000000004020213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48f80916a6581c2021-12-22 12:44:43.945root 11241100x80000000000000004020214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f08df8a3f7b74252021-12-22 12:44:43.945root 11241100x80000000000000004020215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c2d5354d8704272021-12-22 12:44:43.945root 11241100x80000000000000004020216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2bc1fb609d8d82021-12-22 12:44:43.945root 11241100x80000000000000004020217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc98b5286173a3f2021-12-22 12:44:43.946root 11241100x80000000000000004020218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52ff66e8879bc692021-12-22 12:44:43.946root 11241100x80000000000000004020219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8333b9271ba086662021-12-22 12:44:43.946root 11241100x80000000000000004020220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92047f7fbe3845502021-12-22 12:44:43.947root 354300x80000000000000004020221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.160{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56846-false10.0.1.12-8000- 11241100x80000000000000004020222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400b93e29ab80622021-12-22 12:44:44.443root 11241100x80000000000000004020223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c17119d6d9ec582021-12-22 12:44:44.443root 11241100x80000000000000004020224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d73609e8e92642021-12-22 12:44:44.443root 11241100x80000000000000004020225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f454277cf4fcdf222021-12-22 12:44:44.443root 11241100x80000000000000004020226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b78b0e3eb418bf2021-12-22 12:44:44.444root 11241100x80000000000000004020227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250460188a960c0a2021-12-22 12:44:44.444root 11241100x80000000000000004020228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a858288663d531b32021-12-22 12:44:44.444root 11241100x80000000000000004020229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811be85d45c6be4e2021-12-22 12:44:44.444root 11241100x80000000000000004020230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b200d77e12e625352021-12-22 12:44:44.444root 11241100x80000000000000004020231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf389e0baa6eea32021-12-22 12:44:44.444root 11241100x80000000000000004020232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4fb161100bec5d2021-12-22 12:44:44.444root 11241100x80000000000000004020233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415a1663540b90f2021-12-22 12:44:44.444root 11241100x80000000000000004020234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e408242e12d00d2021-12-22 12:44:44.444root 11241100x80000000000000004020235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c237da190c78c6d2021-12-22 12:44:44.444root 11241100x80000000000000004020236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c665de864b6c93462021-12-22 12:44:44.444root 11241100x80000000000000004020237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb484c4b012280c2021-12-22 12:44:44.444root 11241100x80000000000000004020238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103aa1152b3ee6d72021-12-22 12:44:44.444root 11241100x80000000000000004020239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5661a20317603b2021-12-22 12:44:44.444root 11241100x80000000000000004020240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4d172141d7339d2021-12-22 12:44:44.445root 11241100x80000000000000004020241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f2e3ed866043462021-12-22 12:44:44.445root 11241100x80000000000000004020242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a096ef2a37f85b2021-12-22 12:44:44.445root 11241100x80000000000000004020243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea3963aec3dd3392021-12-22 12:44:44.445root 11241100x80000000000000004020244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b16be8bdcc19b82021-12-22 12:44:44.445root 11241100x80000000000000004020245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f2928fc24d59392021-12-22 12:44:44.943root 11241100x80000000000000004020246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01acc8e3339c5f62021-12-22 12:44:44.943root 11241100x80000000000000004020247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a46fd48bbb6082021-12-22 12:44:44.943root 11241100x80000000000000004020248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bf7190021128f12021-12-22 12:44:44.943root 11241100x80000000000000004020249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708977408a5bc2442021-12-22 12:44:44.944root 11241100x80000000000000004020250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cbc27aaaf440f02021-12-22 12:44:44.944root 11241100x80000000000000004020251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6958a3e438a3e2d2021-12-22 12:44:44.944root 11241100x80000000000000004020252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4603d441b1607f582021-12-22 12:44:44.944root 11241100x80000000000000004020253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae5d535c3e05e9e2021-12-22 12:44:44.944root 11241100x80000000000000004020254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2499e518b98cf7982021-12-22 12:44:44.944root 11241100x80000000000000004020255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585de022301460d2021-12-22 12:44:44.945root 11241100x80000000000000004020256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c94a9904179d2f2021-12-22 12:44:44.945root 11241100x80000000000000004020257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297286520b186692021-12-22 12:44:44.945root 11241100x80000000000000004020258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13109433ba5e226b2021-12-22 12:44:44.945root 11241100x80000000000000004020259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16dec7f6f34535a2021-12-22 12:44:44.945root 11241100x80000000000000004020260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d791e8562f1c95022021-12-22 12:44:44.945root 11241100x80000000000000004020261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ceb3ad968492952021-12-22 12:44:44.945root 11241100x80000000000000004020262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a79044511ea14b2021-12-22 12:44:44.946root 11241100x80000000000000004020263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ead9524e1b14d32021-12-22 12:44:44.946root 11241100x80000000000000004020264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef74ce77bfc95e52021-12-22 12:44:44.946root 11241100x80000000000000004020265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a5d94a9c121f32021-12-22 12:44:44.946root 11241100x80000000000000004020266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52da656d3549d70e2021-12-22 12:44:44.946root 11241100x80000000000000004020267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18d84ee345573f2021-12-22 12:44:44.947root 11241100x80000000000000004020268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19701a2a7f70c8ef2021-12-22 12:44:45.442root 11241100x80000000000000004020269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319e86d2abc6e49a2021-12-22 12:44:45.443root 11241100x80000000000000004020270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4761e92614bba2021-12-22 12:44:45.443root 11241100x80000000000000004020271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d3ba11416fcca2021-12-22 12:44:45.443root 11241100x80000000000000004020272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090631cc0a397cb2021-12-22 12:44:45.443root 11241100x80000000000000004020273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf9506980d73382021-12-22 12:44:45.443root 11241100x80000000000000004020274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5c34a1e841d97c2021-12-22 12:44:45.444root 11241100x80000000000000004020275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0502728941cc132021-12-22 12:44:45.444root 11241100x80000000000000004020276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651589240fc98782021-12-22 12:44:45.444root 11241100x80000000000000004020277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661f222f36274fc42021-12-22 12:44:45.444root 11241100x80000000000000004020278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7697715f1581e82021-12-22 12:44:45.444root 11241100x80000000000000004020279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293de262d06cff7a2021-12-22 12:44:45.444root 11241100x80000000000000004020280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc420bca7fef5782021-12-22 12:44:45.444root 11241100x80000000000000004020281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fe7735d5b06062021-12-22 12:44:45.445root 11241100x80000000000000004020282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68259a055bbcabd52021-12-22 12:44:45.445root 11241100x80000000000000004020283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d93ad10c39085c2021-12-22 12:44:45.445root 11241100x80000000000000004020284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ecb3733f305c402021-12-22 12:44:45.445root 11241100x80000000000000004020285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b4f14377889442021-12-22 12:44:45.445root 11241100x80000000000000004020286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497be4ed07dc90b2021-12-22 12:44:45.445root 11241100x80000000000000004020287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abebae996ca3d72d2021-12-22 12:44:45.445root 11241100x80000000000000004020288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c59ce6a6c5433e82021-12-22 12:44:45.446root 11241100x80000000000000004020289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38262395d88904a32021-12-22 12:44:45.446root 11241100x80000000000000004020290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20ab3cd576265d02021-12-22 12:44:45.446root 11241100x80000000000000004020291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1555ca3a07f015352021-12-22 12:44:45.446root 11241100x80000000000000004020292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60cba6f5d10f442021-12-22 12:44:45.446root 11241100x80000000000000004020293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e92ab04cb2e5c32021-12-22 12:44:45.943root 11241100x80000000000000004020294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a979516771028a2a2021-12-22 12:44:45.943root 11241100x80000000000000004020295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5399afcb1ed2f492021-12-22 12:44:45.943root 11241100x80000000000000004020296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c95cb45964d29a42021-12-22 12:44:45.943root 11241100x80000000000000004020297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c7674eff14db32021-12-22 12:44:45.943root 11241100x80000000000000004020298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909110aa313190ee2021-12-22 12:44:45.944root 11241100x80000000000000004020299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc18f144ff5ce82021-12-22 12:44:45.944root 11241100x80000000000000004020300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a624c2d4fd6872021-12-22 12:44:45.944root 11241100x80000000000000004020301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf840b9d92308cc2021-12-22 12:44:45.944root 11241100x80000000000000004020302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0496775fa72cb89c2021-12-22 12:44:45.944root 11241100x80000000000000004020303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720175972322352e2021-12-22 12:44:45.944root 11241100x80000000000000004020304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec9c4b7ed33e0252021-12-22 12:44:45.944root 11241100x80000000000000004020305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637212e1db430fc2021-12-22 12:44:45.944root 11241100x80000000000000004020306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3306e2d51dacf562021-12-22 12:44:45.945root 11241100x80000000000000004020307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd843b1b548abec2021-12-22 12:44:45.945root 11241100x80000000000000004020308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522fb96290f6d3ab2021-12-22 12:44:45.945root 11241100x80000000000000004020309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065e8990524d1b682021-12-22 12:44:45.945root 11241100x80000000000000004020310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89d1c03f3098a6a2021-12-22 12:44:45.945root 11241100x80000000000000004020311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbf7673c2c24b802021-12-22 12:44:45.945root 11241100x80000000000000004020312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1093e7cbd1a5722d2021-12-22 12:44:45.945root 11241100x80000000000000004020313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd93c0c09fc1a4c2021-12-22 12:44:45.945root 11241100x80000000000000004020314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfc9b96956377b22021-12-22 12:44:45.945root 11241100x80000000000000004020315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6727edfb022554662021-12-22 12:44:45.945root 11241100x80000000000000004020316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21826af082bda042021-12-22 12:44:46.443root 11241100x80000000000000004020317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49514a426671b05e2021-12-22 12:44:46.443root 11241100x80000000000000004020318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8886513d27c0582021-12-22 12:44:46.443root 11241100x80000000000000004020319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42cd4f26a3945792021-12-22 12:44:46.443root 11241100x80000000000000004020320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bd4ddc8fb4521a2021-12-22 12:44:46.444root 11241100x80000000000000004020321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6424d4bafcc79df12021-12-22 12:44:46.444root 11241100x80000000000000004020322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618cf4b7eea8a2e2021-12-22 12:44:46.444root 11241100x80000000000000004020323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5941d4b9a14d7762021-12-22 12:44:46.444root 11241100x80000000000000004020324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d8fbabfdef9282021-12-22 12:44:46.444root 11241100x80000000000000004020325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ed94db55c520d2021-12-22 12:44:46.445root 11241100x80000000000000004020326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e44de3d5b5951202021-12-22 12:44:46.445root 11241100x80000000000000004020327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fdfc2ff0e5a78c2021-12-22 12:44:46.446root 11241100x80000000000000004020328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d0e4c262feabc2021-12-22 12:44:46.447root 11241100x80000000000000004020329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03399051caef72852021-12-22 12:44:46.447root 11241100x80000000000000004020330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ed8cfb23464d82021-12-22 12:44:46.447root 11241100x80000000000000004020331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d41f0c5f3176532021-12-22 12:44:46.448root 11241100x80000000000000004020332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b00f50ac0247c2021-12-22 12:44:46.448root 11241100x80000000000000004020333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ee9414b9de1592021-12-22 12:44:46.448root 11241100x80000000000000004020334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e2689bcd4c7052021-12-22 12:44:46.448root 11241100x80000000000000004020335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f99e9a5398705e2021-12-22 12:44:46.448root 11241100x80000000000000004020336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d9315db9b45c92021-12-22 12:44:46.449root 11241100x80000000000000004020337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a4181a61a089302021-12-22 12:44:46.449root 11241100x80000000000000004020338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2a57d71b9bdf32021-12-22 12:44:46.449root 11241100x80000000000000004020339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a7ddc86afa7e892021-12-22 12:44:46.943root 11241100x80000000000000004020340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3baad80f3f2466f2021-12-22 12:44:46.943root 11241100x80000000000000004020341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11fa304c719133b2021-12-22 12:44:46.943root 11241100x80000000000000004020342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921caf8e541175d2021-12-22 12:44:46.943root 11241100x80000000000000004020343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23c182d1d1517e2021-12-22 12:44:46.943root 11241100x80000000000000004020344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85e4a647964f192021-12-22 12:44:46.943root 11241100x80000000000000004020345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dca15db4139c1c92021-12-22 12:44:46.943root 11241100x80000000000000004020346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b47c608383c54a2021-12-22 12:44:46.944root 11241100x80000000000000004020347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ecd4c0c666f7152021-12-22 12:44:46.944root 11241100x80000000000000004020348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e0ce38677a6ad22021-12-22 12:44:46.944root 11241100x80000000000000004020349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09803c69caec99002021-12-22 12:44:46.944root 11241100x80000000000000004020350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0804593b01e0e0a2021-12-22 12:44:46.944root 11241100x80000000000000004020351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62e88cbf90876e2021-12-22 12:44:46.945root 11241100x80000000000000004020352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b75aea082abad62021-12-22 12:44:46.945root 11241100x80000000000000004020353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73181f693b3ed5502021-12-22 12:44:46.945root 11241100x80000000000000004020354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fcc0dc9116b082021-12-22 12:44:46.946root 11241100x80000000000000004020355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae8740904956d62021-12-22 12:44:46.946root 11241100x80000000000000004020356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584d673de40f2462021-12-22 12:44:46.947root 11241100x80000000000000004020357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f1d52e11dc42a2021-12-22 12:44:46.947root 11241100x80000000000000004020358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11df7b37708f7e22021-12-22 12:44:46.947root 11241100x80000000000000004020359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc341e1daa2c9f8d2021-12-22 12:44:46.947root 11241100x80000000000000004020360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bf09fa27a7c6b12021-12-22 12:44:46.948root 11241100x80000000000000004020361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbdfa5b9dc055682021-12-22 12:44:46.948root 11241100x80000000000000004020362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2878eccf9e4c7d2021-12-22 12:44:46.948root 11241100x80000000000000004020363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7105eebea1a5772021-12-22 12:44:46.949root 11241100x80000000000000004020364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030f4be696561d5a2021-12-22 12:44:46.949root 11241100x80000000000000004020365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44ff0c66d7fd252021-12-22 12:44:46.949root 11241100x80000000000000004020366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2182772f484c5722021-12-22 12:44:46.949root 11241100x80000000000000004020367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9687b30aa72c3add2021-12-22 12:44:46.950root 11241100x80000000000000004020368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11045edbcc8fba042021-12-22 12:44:47.443root 11241100x80000000000000004020369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc0a7f202e575572021-12-22 12:44:47.444root 11241100x80000000000000004020370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c59d90da30908f2021-12-22 12:44:47.444root 11241100x80000000000000004020371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc7341329c2ad382021-12-22 12:44:47.444root 11241100x80000000000000004020372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed1e624ca0814b2021-12-22 12:44:47.444root 11241100x80000000000000004020373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bc82affd1a5f02021-12-22 12:44:47.445root 11241100x80000000000000004020374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722a0d00d13fc532021-12-22 12:44:47.445root 11241100x80000000000000004020375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bc4e14e358403d2021-12-22 12:44:47.445root 11241100x80000000000000004020376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a23d197ad4f182021-12-22 12:44:47.445root 11241100x80000000000000004020377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716a86a78f505a82021-12-22 12:44:47.445root 11241100x80000000000000004020378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e82c2648bd7bb52021-12-22 12:44:47.445root 11241100x80000000000000004020379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747c67f10890c4a22021-12-22 12:44:47.445root 11241100x80000000000000004020380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c5ce2c84b6cda2021-12-22 12:44:47.446root 11241100x80000000000000004020381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256b6769a9a3d602021-12-22 12:44:47.446root 11241100x80000000000000004020382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f366c897b4b6fb2021-12-22 12:44:47.446root 11241100x80000000000000004020383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743efce546a57cc72021-12-22 12:44:47.446root 11241100x80000000000000004020384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a13b34da1f0eca52021-12-22 12:44:47.446root 11241100x80000000000000004020385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc56c918dd30ae2021-12-22 12:44:47.446root 11241100x80000000000000004020386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62443f096f30af2c2021-12-22 12:44:47.447root 11241100x80000000000000004020387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cc1927c84ca8ef2021-12-22 12:44:47.447root 11241100x80000000000000004020388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3508dcc335707a3e2021-12-22 12:44:47.447root 11241100x80000000000000004020389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f836fb145ba3f4a2021-12-22 12:44:47.447root 11241100x80000000000000004020390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3880efbc270613162021-12-22 12:44:47.447root 11241100x80000000000000004020391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d3d0cedf031e5b2021-12-22 12:44:47.943root 11241100x80000000000000004020392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483fd6a63c1f685f2021-12-22 12:44:47.943root 11241100x80000000000000004020393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5a993f55e1aa92021-12-22 12:44:47.943root 11241100x80000000000000004020394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de021f46629197e82021-12-22 12:44:47.943root 11241100x80000000000000004020395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85921aca05ec492021-12-22 12:44:47.943root 11241100x80000000000000004020396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8ca77dcdaa48a2021-12-22 12:44:47.944root 11241100x80000000000000004020397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8530cd16d8dcdd2021-12-22 12:44:47.944root 11241100x80000000000000004020398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bdf5bc1f0d69982021-12-22 12:44:47.944root 11241100x80000000000000004020399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa355f76f33d9832021-12-22 12:44:47.944root 11241100x80000000000000004020400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11819c8dec3244a12021-12-22 12:44:47.944root 11241100x80000000000000004020401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e3fe5e8c1833c2021-12-22 12:44:47.944root 11241100x80000000000000004020402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b7e496c5bf8812021-12-22 12:44:47.944root 11241100x80000000000000004020403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53dc49416594542021-12-22 12:44:47.944root 11241100x80000000000000004020404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba6a6e631d5b19d2021-12-22 12:44:47.945root 11241100x80000000000000004020405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5297c306abedd832021-12-22 12:44:47.945root 11241100x80000000000000004020406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d7447416994bb62021-12-22 12:44:47.945root 11241100x80000000000000004020407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a51c85e0e95ee2021-12-22 12:44:47.945root 11241100x80000000000000004020408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0c765617cf6382021-12-22 12:44:47.945root 11241100x80000000000000004020409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ee15a50253744a2021-12-22 12:44:47.945root 11241100x80000000000000004020410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ac7e62a179f772021-12-22 12:44:47.946root 11241100x80000000000000004020411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc41baca4c0bdaf2021-12-22 12:44:47.946root 11241100x80000000000000004020412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b64458674322f2021-12-22 12:44:47.946root 11241100x80000000000000004020413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a1c80eae77c63b2021-12-22 12:44:47.946root 11241100x80000000000000004020414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0517db5782a7da192021-12-22 12:44:47.946root 11241100x80000000000000004020415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532eb2b871d3d2f2021-12-22 12:44:47.947root 11241100x80000000000000004020416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8340f0242ddd23942021-12-22 12:44:47.947root 11241100x80000000000000004020417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c5da8caae8913c2021-12-22 12:44:48.443root 11241100x80000000000000004020418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca3316695d0a8652021-12-22 12:44:48.443root 11241100x80000000000000004020419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a0162c124eb7922021-12-22 12:44:48.443root 11241100x80000000000000004020420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c72377b14c0f7772021-12-22 12:44:48.443root 11241100x80000000000000004020421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24336a7a61e0c1902021-12-22 12:44:48.443root 11241100x80000000000000004020422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de89e5a386381952021-12-22 12:44:48.443root 11241100x80000000000000004020423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de589d3f4a45082021-12-22 12:44:48.443root 11241100x80000000000000004020424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0955695a34badc8c2021-12-22 12:44:48.444root 11241100x80000000000000004020425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4651bd0e00f032021-12-22 12:44:48.444root 11241100x80000000000000004020426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51e93a1561c82b92021-12-22 12:44:48.444root 11241100x80000000000000004020427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eac989505b85c832021-12-22 12:44:48.444root 11241100x80000000000000004020428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b2ad193756e7c62021-12-22 12:44:48.444root 11241100x80000000000000004020429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e056af6cc440c6f2021-12-22 12:44:48.444root 11241100x80000000000000004020430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a757de2c082feb72021-12-22 12:44:48.444root 11241100x80000000000000004020431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bef032e6a789f632021-12-22 12:44:48.445root 11241100x80000000000000004020432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c540443fb79a072021-12-22 12:44:48.445root 11241100x80000000000000004020433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbaa8c0b001febc2021-12-22 12:44:48.445root 11241100x80000000000000004020434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d841e943b24906a2021-12-22 12:44:48.445root 11241100x80000000000000004020435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5818f2a1aabf7a02021-12-22 12:44:48.445root 11241100x80000000000000004020436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc8172d4bf398b2021-12-22 12:44:48.445root 11241100x80000000000000004020437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f3981d79b37442021-12-22 12:44:48.446root 11241100x80000000000000004020438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473d222378590a882021-12-22 12:44:48.446root 11241100x80000000000000004020439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c4840f9a0eb872021-12-22 12:44:48.446root 11241100x80000000000000004020440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0dc7b81e050692021-12-22 12:44:48.943root 11241100x80000000000000004020441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0fe57669cce262021-12-22 12:44:48.943root 11241100x80000000000000004020442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f1f5108ee2978e2021-12-22 12:44:48.943root 11241100x80000000000000004020443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a50683a3d730072021-12-22 12:44:48.943root 11241100x80000000000000004020444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076f7dde6f09c9192021-12-22 12:44:48.944root 11241100x80000000000000004020445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304c6de5e26849c2021-12-22 12:44:48.944root 11241100x80000000000000004020446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edfd389fd44aeb42021-12-22 12:44:48.944root 11241100x80000000000000004020447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ee0e8ea8a8fac2021-12-22 12:44:48.944root 11241100x80000000000000004020448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d33d41d3da740a42021-12-22 12:44:48.944root 11241100x80000000000000004020449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c9b7668d679fb2021-12-22 12:44:48.944root 11241100x80000000000000004020450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74da53b320ce5d342021-12-22 12:44:48.944root 11241100x80000000000000004020451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d69fdb727f26c2021-12-22 12:44:48.944root 11241100x80000000000000004020452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db738408845993d2021-12-22 12:44:48.944root 11241100x80000000000000004020453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98688c0e1acfd942021-12-22 12:44:48.944root 11241100x80000000000000004020454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb290e064e54cbf82021-12-22 12:44:48.944root 11241100x80000000000000004020455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bf9fdafb0d41882021-12-22 12:44:48.945root 11241100x80000000000000004020456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101c395deec90c562021-12-22 12:44:48.945root 11241100x80000000000000004020457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285d920b786009642021-12-22 12:44:48.945root 11241100x80000000000000004020458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a29530acdfd722021-12-22 12:44:48.945root 11241100x80000000000000004020459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300486160c9f5b1b2021-12-22 12:44:48.945root 11241100x80000000000000004020460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff00e5495e72d22021-12-22 12:44:48.945root 11241100x80000000000000004020461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b78a06a7d9dea2021-12-22 12:44:48.945root 11241100x80000000000000004020462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e17a09dc54b5b302021-12-22 12:44:48.945root 354300x80000000000000004020463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.244{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56848-false10.0.1.12-8000- 11241100x80000000000000004020464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbb6f6eb774e36e2021-12-22 12:44:49.245root 11241100x80000000000000004020465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48594bfad8b4b0032021-12-22 12:44:49.245root 11241100x80000000000000004020466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73fbb1cb4c50f6c2021-12-22 12:44:49.245root 11241100x80000000000000004020467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9f63b87d862162021-12-22 12:44:49.245root 11241100x80000000000000004020468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ded878555b03ee2021-12-22 12:44:49.245root 11241100x80000000000000004020469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68458cb491cffcc62021-12-22 12:44:49.245root 11241100x80000000000000004020470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60763b741881f32e2021-12-22 12:44:49.246root 11241100x80000000000000004020471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca3b36a7a9459512021-12-22 12:44:49.246root 11241100x80000000000000004020472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35c994093505f62021-12-22 12:44:49.246root 11241100x80000000000000004020473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f37db8bb14b7f72021-12-22 12:44:49.246root 11241100x80000000000000004020474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc5e6f99e0f1d52021-12-22 12:44:49.246root 11241100x80000000000000004020475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b473bcffeb6d52021-12-22 12:44:49.246root 11241100x80000000000000004020476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6749de07429197f02021-12-22 12:44:49.246root 11241100x80000000000000004020477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2e11645aff1852021-12-22 12:44:49.246root 11241100x80000000000000004020478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4bec991638aac2021-12-22 12:44:49.246root 11241100x80000000000000004020479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576aa916509281872021-12-22 12:44:49.246root 11241100x80000000000000004020480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2431275addeb4a52021-12-22 12:44:49.247root 11241100x80000000000000004020481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1808303288dc9a3e2021-12-22 12:44:49.247root 11241100x80000000000000004020482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804162cd4de61c502021-12-22 12:44:49.247root 11241100x80000000000000004020483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c80401d79a22442021-12-22 12:44:49.247root 11241100x80000000000000004020484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7ef5f58b556c72021-12-22 12:44:49.247root 11241100x80000000000000004020485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985a9afd321b57a72021-12-22 12:44:49.247root 11241100x80000000000000004020486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bf71b516bebe4b2021-12-22 12:44:49.247root 11241100x80000000000000004020487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a1057f7d6bbd402021-12-22 12:44:49.247root 11241100x80000000000000004020488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b217d1f34193a662021-12-22 12:44:49.693root 11241100x80000000000000004020489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ddac5bee9e9e332021-12-22 12:44:49.693root 11241100x80000000000000004020490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97796c840db8ecd72021-12-22 12:44:49.694root 11241100x80000000000000004020491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf55c146a9837ae2021-12-22 12:44:49.694root 11241100x80000000000000004020492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc673fbef0ba8e822021-12-22 12:44:49.694root 11241100x80000000000000004020493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348c00456d5a3472021-12-22 12:44:49.694root 11241100x80000000000000004020494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86849ec650515ca12021-12-22 12:44:49.694root 11241100x80000000000000004020495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8e1103b12de5e2021-12-22 12:44:49.694root 11241100x80000000000000004020496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6720f3f3ebac6e392021-12-22 12:44:49.694root 11241100x80000000000000004020497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdedc2b10fb82572021-12-22 12:44:49.694root 11241100x80000000000000004020498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86b023ce2722062021-12-22 12:44:49.694root 11241100x80000000000000004020499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7010c01d524e15832021-12-22 12:44:49.695root 11241100x80000000000000004020500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552da7554b2d05862021-12-22 12:44:49.695root 11241100x80000000000000004020501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8ae494bf133622021-12-22 12:44:49.695root 11241100x80000000000000004020502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae42efd994984a42021-12-22 12:44:49.695root 11241100x80000000000000004020503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1159d9002e176c2021-12-22 12:44:49.695root 11241100x80000000000000004020504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d699e4d30962052021-12-22 12:44:49.695root 11241100x80000000000000004020505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ed911910133dab2021-12-22 12:44:49.695root 11241100x80000000000000004020506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625214372a5ebe8b2021-12-22 12:44:49.695root 11241100x80000000000000004020507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe4508691fe846c2021-12-22 12:44:49.695root 11241100x80000000000000004020508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133e25bd4ec1c2602021-12-22 12:44:49.695root 11241100x80000000000000004020509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6900488f8ff49d2021-12-22 12:44:49.696root 11241100x80000000000000004020510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3f10c0fa2d903a2021-12-22 12:44:49.696root 11241100x80000000000000004020511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8061c2ebfe84fa482021-12-22 12:44:49.696root 154100x80000000000000004020512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.787{ec2b6afe-1dc1-61c3-507d-1a7fa8550000}22712/bin/kmod-----insmod rootkit.ko/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.788{ec2b6afe-1dc1-61c3-507d-1a7fa8550000}22712/bin/kmodubuntu 11241100x80000000000000004020514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac949c7d468f7a92021-12-22 12:44:50.193root 11241100x80000000000000004020515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9abe6e04e9753402021-12-22 12:44:50.193root 11241100x80000000000000004020516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f89f12a534cee92021-12-22 12:44:50.194root 11241100x80000000000000004020517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83609c3417348cbe2021-12-22 12:44:50.194root 11241100x80000000000000004020518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee9bc0a6adeb312021-12-22 12:44:50.194root 11241100x80000000000000004020519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68acc3dbb6326962021-12-22 12:44:50.194root 11241100x80000000000000004020520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220be34c2d7c2deb2021-12-22 12:44:50.195root 11241100x80000000000000004020521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b1b31f6060ba1e2021-12-22 12:44:50.195root 11241100x80000000000000004020522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42fc4e986291cb72021-12-22 12:44:50.195root 11241100x80000000000000004020523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18399dd9fc0d2a7b2021-12-22 12:44:50.195root 11241100x80000000000000004020524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0322c9ed4d003df32021-12-22 12:44:50.195root 11241100x80000000000000004020525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331153a8835a58732021-12-22 12:44:50.196root 11241100x80000000000000004020526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15a8d20fd665b122021-12-22 12:44:50.196root 11241100x80000000000000004020527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a3f97cae859782021-12-22 12:44:50.196root 11241100x80000000000000004020528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1442577522ba7a972021-12-22 12:44:50.196root 11241100x80000000000000004020529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40ca2ad6698f5d2021-12-22 12:44:50.196root 11241100x80000000000000004020530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3219920bb638b9402021-12-22 12:44:50.196root 11241100x80000000000000004020531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b2baa362c11872021-12-22 12:44:50.196root 11241100x80000000000000004020532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa942b6745ede6d2021-12-22 12:44:50.196root 11241100x80000000000000004020533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5999b9ecf945cde72021-12-22 12:44:50.196root 11241100x80000000000000004020534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72507f69045ab3362021-12-22 12:44:50.196root 11241100x80000000000000004020535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d700a090276f531c2021-12-22 12:44:50.196root 11241100x80000000000000004020536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f0c8922611c6d2021-12-22 12:44:50.197root 11241100x80000000000000004020537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12cec991674e69d2021-12-22 12:44:50.197root 11241100x80000000000000004020538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482d61a0b728c802021-12-22 12:44:50.197root 11241100x80000000000000004020539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af25ed3c82c13042021-12-22 12:44:50.197root 11241100x80000000000000004020540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd015f17b4401c3b2021-12-22 12:44:50.693root 11241100x80000000000000004020541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aca68007d4e321a2021-12-22 12:44:50.693root 11241100x80000000000000004020542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7911cfbd4d2220962021-12-22 12:44:50.694root 11241100x80000000000000004020543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2f771c4cdfbaf22021-12-22 12:44:50.694root 11241100x80000000000000004020544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc9f34935bf03d2021-12-22 12:44:50.694root 11241100x80000000000000004020545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d055db855df89f1e2021-12-22 12:44:50.694root 11241100x80000000000000004020546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b671cd999fea772021-12-22 12:44:50.694root 11241100x80000000000000004020547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845ed26047e05d82021-12-22 12:44:50.694root 11241100x80000000000000004020548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0221f58fd58f7e322021-12-22 12:44:50.694root 11241100x80000000000000004020549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b9a4d39635d0b2021-12-22 12:44:50.694root 11241100x80000000000000004020550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a5b20a7d9a79562021-12-22 12:44:50.694root 11241100x80000000000000004020551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23711da570e5f64f2021-12-22 12:44:50.694root 11241100x80000000000000004020552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23568a4856983bf12021-12-22 12:44:50.694root 11241100x80000000000000004020553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bede9375f88cb62021-12-22 12:44:50.694root 11241100x80000000000000004020554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bceb5871c2d511c2021-12-22 12:44:50.694root 11241100x80000000000000004020555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1cb3dcb7c2e1392021-12-22 12:44:50.694root 11241100x80000000000000004020556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a01a3e79c9569c52021-12-22 12:44:50.694root 11241100x80000000000000004020557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59461bc797c0a982021-12-22 12:44:50.695root 11241100x80000000000000004020558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df1dcd78226ff3d2021-12-22 12:44:50.695root 11241100x80000000000000004020559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ef2a33a86217e92021-12-22 12:44:50.695root 11241100x80000000000000004020560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4aa77e5973d0932021-12-22 12:44:50.695root 11241100x80000000000000004020561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc3e03906f43072021-12-22 12:44:50.695root 11241100x80000000000000004020562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdba94f1276baae2021-12-22 12:44:50.695root 11241100x80000000000000004020563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc14d0003ce8d32021-12-22 12:44:50.695root 11241100x80000000000000004020564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a5bdbc5365f24a2021-12-22 12:44:50.695root 11241100x80000000000000004020565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e5787898f5a542021-12-22 12:44:50.696root 11241100x80000000000000004020566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be854abf7488d82021-12-22 12:44:51.193root 11241100x80000000000000004020567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19162b02c6f42d2d2021-12-22 12:44:51.193root 11241100x80000000000000004020568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc873781073f862021-12-22 12:44:51.193root 11241100x80000000000000004020569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ae284a5618841d2021-12-22 12:44:51.194root 11241100x80000000000000004020570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33070bd9b83376132021-12-22 12:44:51.194root 11241100x80000000000000004020571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2cd0d1a47ee5672021-12-22 12:44:51.194root 11241100x80000000000000004020572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c4ce7a3c2c3422021-12-22 12:44:51.194root 11241100x80000000000000004020573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ddb16d1169f1952021-12-22 12:44:51.194root 11241100x80000000000000004020574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4a5cec728755982021-12-22 12:44:51.194root 11241100x80000000000000004020575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b3cf8a0bd6a0e2021-12-22 12:44:51.194root 11241100x80000000000000004020576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1018fee76608f35f2021-12-22 12:44:51.194root 11241100x80000000000000004020577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6265a512f2a5712021-12-22 12:44:51.194root 11241100x80000000000000004020578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2ad5288232723a2021-12-22 12:44:51.194root 11241100x80000000000000004020579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f98fb499d92e732021-12-22 12:44:51.194root 11241100x80000000000000004020580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804bb77f5b10c8d22021-12-22 12:44:51.195root 11241100x80000000000000004020581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b1eeb10e4a1862021-12-22 12:44:51.195root 11241100x80000000000000004020582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60529dd5b83165f92021-12-22 12:44:51.195root 11241100x80000000000000004020583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf0bd3bec08d60e2021-12-22 12:44:51.195root 11241100x80000000000000004020584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6627003cafbb4932021-12-22 12:44:51.195root 11241100x80000000000000004020585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97418a58e4b936ed2021-12-22 12:44:51.195root 11241100x80000000000000004020586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941e36a43bdde5f12021-12-22 12:44:51.195root 11241100x80000000000000004020587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5534f30c954d12021-12-22 12:44:51.195root 11241100x80000000000000004020588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a205987c33a1c2021-12-22 12:44:51.196root 11241100x80000000000000004020589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d66d16a07137112021-12-22 12:44:51.196root 11241100x80000000000000004020590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f79c8e88ccfef52021-12-22 12:44:51.196root 11241100x80000000000000004020591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbedce40683ab612021-12-22 12:44:51.196root 11241100x80000000000000004020592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376311a601671b392021-12-22 12:44:51.693root 11241100x80000000000000004020593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6456b762ff5941e12021-12-22 12:44:51.693root 11241100x80000000000000004020594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d6579bb50f82e92021-12-22 12:44:51.694root 11241100x80000000000000004020595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29628edc301a9e2021-12-22 12:44:51.694root 11241100x80000000000000004020596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed851d16ccaffb62021-12-22 12:44:51.694root 11241100x80000000000000004020597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c505e424c4bd71c22021-12-22 12:44:51.694root 11241100x80000000000000004020598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ccec7646aae522021-12-22 12:44:51.694root 11241100x80000000000000004020599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210901ad7173d4642021-12-22 12:44:51.694root 11241100x80000000000000004020600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7add3c9b9467be152021-12-22 12:44:51.694root 11241100x80000000000000004020601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ceab5ffed4baca2021-12-22 12:44:51.694root 11241100x80000000000000004020602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98b0d2d712be392021-12-22 12:44:51.694root 11241100x80000000000000004020603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d91115ccb735cd2021-12-22 12:44:51.694root 11241100x80000000000000004020604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239101ec30520a12021-12-22 12:44:51.694root 11241100x80000000000000004020605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2ca73117bd331f2021-12-22 12:44:51.694root 11241100x80000000000000004020606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a969e7286d54522021-12-22 12:44:51.694root 11241100x80000000000000004020607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f29d91ba50c112021-12-22 12:44:51.694root 11241100x80000000000000004020608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf10cc4d8d3a4d22021-12-22 12:44:51.694root 11241100x80000000000000004020609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec5235fae67d4c2021-12-22 12:44:51.695root 11241100x80000000000000004020610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd59b40d118de4e2021-12-22 12:44:51.695root 11241100x80000000000000004020611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314985aff3158712021-12-22 12:44:51.695root 11241100x80000000000000004020612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ced1318d3e0132021-12-22 12:44:51.695root 11241100x80000000000000004020613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f789c126ef5d1bd2021-12-22 12:44:51.695root 11241100x80000000000000004020614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37973320e74979372021-12-22 12:44:51.696root 11241100x80000000000000004020615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c6a9e0505f89f2021-12-22 12:44:51.696root 11241100x80000000000000004020616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02184c028ac8628d2021-12-22 12:44:51.696root 11241100x80000000000000004020617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32fdaa73be2a782021-12-22 12:44:51.696root 11241100x80000000000000004020618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d2f121e2d9c9142021-12-22 12:44:52.193root 11241100x80000000000000004020619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b108754252f60bd62021-12-22 12:44:52.193root 11241100x80000000000000004020620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452342fc4dcb7652021-12-22 12:44:52.194root 11241100x80000000000000004020621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818af2385809d4722021-12-22 12:44:52.194root 11241100x80000000000000004020622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe734fd631e60ed2021-12-22 12:44:52.194root 11241100x80000000000000004020623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c92c1fa9ed89142021-12-22 12:44:52.194root 11241100x80000000000000004020624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9567111a1c92d22021-12-22 12:44:52.194root 11241100x80000000000000004020625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83014289fd9c35432021-12-22 12:44:52.194root 11241100x80000000000000004020626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e249559cebbb5652021-12-22 12:44:52.194root 11241100x80000000000000004020627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83276b528f19d9462021-12-22 12:44:52.194root 11241100x80000000000000004020628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ab780a27d966a62021-12-22 12:44:52.194root 11241100x80000000000000004020629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901fa564c2b682512021-12-22 12:44:52.194root 11241100x80000000000000004020630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5d0b278bdc572021-12-22 12:44:52.194root 11241100x80000000000000004020631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c080dd5bdfb7b2021-12-22 12:44:52.194root 11241100x80000000000000004020632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20777e6313e301e22021-12-22 12:44:52.195root 11241100x80000000000000004020633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fae06b5815f33f2021-12-22 12:44:52.195root 11241100x80000000000000004020634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad56f086be71b83f2021-12-22 12:44:52.195root 11241100x80000000000000004020635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd03b228e48f7b322021-12-22 12:44:52.195root 11241100x80000000000000004020636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6c7e4baeca500f2021-12-22 12:44:52.195root 11241100x80000000000000004020637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72765a4c1f44f52a2021-12-22 12:44:52.195root 11241100x80000000000000004020638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f8eb797130e0fd2021-12-22 12:44:52.195root 11241100x80000000000000004020639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d5414add8247ed2021-12-22 12:44:52.195root 11241100x80000000000000004020640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554125c2dd466e2e2021-12-22 12:44:52.195root 11241100x80000000000000004020641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19c2e545c89d712021-12-22 12:44:52.196root 11241100x80000000000000004020642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3dce7a67e4ad62021-12-22 12:44:52.196root 11241100x80000000000000004020643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8dd205d4e28a872021-12-22 12:44:52.196root 11241100x80000000000000004020644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fd119d13a2ef362021-12-22 12:44:52.693root 11241100x80000000000000004020645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3010b9ee5f0e49cf2021-12-22 12:44:52.693root 11241100x80000000000000004020646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e1b4064f7959162021-12-22 12:44:52.693root 11241100x80000000000000004020647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ba3fef3e1b27e2021-12-22 12:44:52.693root 11241100x80000000000000004020648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b90cc52df47edb32021-12-22 12:44:52.693root 11241100x80000000000000004020649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07ed5f4e30d91b2021-12-22 12:44:52.694root 11241100x80000000000000004020650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f41904782287062021-12-22 12:44:52.694root 11241100x80000000000000004020651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6f1fc0b2138e4b2021-12-22 12:44:52.694root 11241100x80000000000000004020652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c52ec8e096ed8632021-12-22 12:44:52.694root 11241100x80000000000000004020653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc3183d2f204e62021-12-22 12:44:52.694root 11241100x80000000000000004020654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44369cc0dedf4e2021-12-22 12:44:52.695root 11241100x80000000000000004020655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd5b778f75dae092021-12-22 12:44:52.695root 11241100x80000000000000004020656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a96251f7d869ee2021-12-22 12:44:52.695root 11241100x80000000000000004020657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1604cdf97a434b2021-12-22 12:44:52.695root 11241100x80000000000000004020658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12aff12e7a940602021-12-22 12:44:52.695root 11241100x80000000000000004020659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae9ae1657bce822021-12-22 12:44:52.695root 11241100x80000000000000004020660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a8b981d71aa9e02021-12-22 12:44:52.695root 11241100x80000000000000004020661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537e1af62c22ec212021-12-22 12:44:52.696root 11241100x80000000000000004020662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd714732fe74812021-12-22 12:44:52.696root 11241100x80000000000000004020663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816ea29b250439d2021-12-22 12:44:52.696root 11241100x80000000000000004020664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8882a32d68b45802021-12-22 12:44:52.696root 11241100x80000000000000004020665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e59125296d61a2021-12-22 12:44:52.696root 11241100x80000000000000004020666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b4f82ae8653c02021-12-22 12:44:52.696root 11241100x80000000000000004020667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e20ec295194903e2021-12-22 12:44:52.696root 11241100x80000000000000004020668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8035dc0131c628842021-12-22 12:44:52.696root 11241100x80000000000000004020669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3061d39f5c4d69812021-12-22 12:44:52.696root 154100x80000000000000004020670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.886{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudo-----sudo insmod rootkit.ko/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004020671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudptruefalse127.0.0.1-47573-false127.0.0.53-53- 354300x80000000000000004020672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-51370-false10.0.0.2-53- 354300x80000000000000004020673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-37943-false10.0.0.2-53- 354300x80000000000000004020674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-47573- 354300x80000000000000004020675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-52750- 354300x80000000000000004020676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudptruefalse127.0.0.1-52750-false127.0.0.53-53- 354300x80000000000000004020677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52750- 154100x80000000000000004020678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.896{ec2b6afe-1dc4-61c3-50cd-dc9663550000}22714/bin/kmod-----insmod rootkit.ko/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudosudoubuntu 11241100x80000000000000004020679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.900{ec2b6afe-9233-61c1-b8ed-5a3378550000}473/lib/systemd/systemd-udevd/run/udev/queue2021-12-22 12:44:52.900root 534500x80000000000000004020680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.900{ec2b6afe-1dc4-61c3-50cd-dc9663550000}22714/bin/kmodroot 534500x80000000000000004020681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.901{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoroot 23542300x80000000000000004020682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.902{ec2b6afe-9233-61c1-b8ed-5a3378550000}473root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000004020683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.903{ec2b6afe-1d38-61c3-0000-000000000000}22715-root 11241100x80000000000000004020684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3970bf6697b03c802021-12-22 12:44:53.192root 11241100x80000000000000004020685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df3646436d32c9e2021-12-22 12:44:53.193root 11241100x80000000000000004020686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4b6325afa92bbb2021-12-22 12:44:53.193root 11241100x80000000000000004020687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d9e030c44998e62021-12-22 12:44:53.193root 11241100x80000000000000004020688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601d96922f176b542021-12-22 12:44:53.193root 11241100x80000000000000004020689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e23cdff286fa252021-12-22 12:44:53.193root 11241100x80000000000000004020690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e5d5e5161c87f92021-12-22 12:44:53.193root 11241100x80000000000000004020691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d3fff33452da72021-12-22 12:44:53.193root 11241100x80000000000000004020692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db315db312a9092021-12-22 12:44:53.193root 11241100x80000000000000004020693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf145ab3201c04652021-12-22 12:44:53.194root 11241100x80000000000000004020694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76034d83d524e582021-12-22 12:44:53.194root 11241100x80000000000000004020695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f80a6ed1b99c652021-12-22 12:44:53.194root 11241100x80000000000000004020696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79077827833db9b2021-12-22 12:44:53.194root 11241100x80000000000000004020697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e23425ca2396862021-12-22 12:44:53.194root 11241100x80000000000000004020698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b5526231b05c3c2021-12-22 12:44:53.194root 11241100x80000000000000004020699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e57c209dfaf222021-12-22 12:44:53.194root 11241100x80000000000000004020700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dd3e12f27851812021-12-22 12:44:53.194root 11241100x80000000000000004020701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9336c94df0e09e2021-12-22 12:44:53.194root 11241100x80000000000000004020702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91319e6b65f7dfa2021-12-22 12:44:53.194root 11241100x80000000000000004020703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddf399ccf381422021-12-22 12:44:53.194root 11241100x80000000000000004020704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583e8f7694f757f82021-12-22 12:44:53.194root 11241100x80000000000000004020705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64346f9afedfa6742021-12-22 12:44:53.194root 11241100x80000000000000004020706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f7634759f5bd0e2021-12-22 12:44:53.194root 11241100x80000000000000004020707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cd9a156b5b97ec2021-12-22 12:44:53.194root 11241100x80000000000000004020708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee5fe0d9a315e4f2021-12-22 12:44:53.194root 11241100x80000000000000004020709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af3104e92b96c182021-12-22 12:44:53.195root 11241100x80000000000000004020710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a530ecb485b92c32021-12-22 12:44:53.195root 11241100x80000000000000004020711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf58db07c00af62021-12-22 12:44:53.195root 11241100x80000000000000004020712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fc0ad25919faa92021-12-22 12:44:53.195root 11241100x80000000000000004020713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79753524daa72382021-12-22 12:44:53.195root 11241100x80000000000000004020714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c593b86e36e05fd42021-12-22 12:44:53.195root 11241100x80000000000000004020715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2aaee0524ebcd2021-12-22 12:44:53.195root 11241100x80000000000000004020716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b2c3937a6357642021-12-22 12:44:53.195root 11241100x80000000000000004020717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819323a456d6d6a22021-12-22 12:44:53.195root 11241100x80000000000000004020718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb6029b5f330dae2021-12-22 12:44:53.196root 11241100x80000000000000004020719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9d3ab8424bfd02021-12-22 12:44:53.196root 11241100x80000000000000004020720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f736934e9daaf72021-12-22 12:44:53.196root 11241100x80000000000000004020721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e142da23f8aa3c2021-12-22 12:44:53.196root 11241100x80000000000000004020722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fd4a9f0d418b762021-12-22 12:44:53.196root 11241100x80000000000000004020723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b6993a90da3ed2021-12-22 12:44:53.196root 11241100x80000000000000004020724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a7b27849ad03082021-12-22 12:44:53.196root 11241100x80000000000000004020725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a42cacd6b8275c2021-12-22 12:44:53.196root 11241100x80000000000000004020726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b7af1d5502e0632021-12-22 12:44:53.196root 11241100x80000000000000004020727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f43b77f418b1e12021-12-22 12:44:53.196root 11241100x80000000000000004020728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7792ec1fbe5e202021-12-22 12:44:53.196root 11241100x80000000000000004020729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a6893db6f59942021-12-22 12:44:53.196root 11241100x80000000000000004020730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbcee0888ef77872021-12-22 12:44:53.197root 11241100x80000000000000004020731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a790bc75f8a80582021-12-22 12:44:53.197root 11241100x80000000000000004020732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa139151fa76c222021-12-22 12:44:53.197root 11241100x80000000000000004020733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10717eaa24cce5df2021-12-22 12:44:53.197root 11241100x80000000000000004020734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77fbb8afbf47a22021-12-22 12:44:53.197root 11241100x80000000000000004020735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9fcdf42b63c8882021-12-22 12:44:53.197root 11241100x80000000000000004020736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d02d6b6c4ab8052021-12-22 12:44:53.197root 11241100x80000000000000004020737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44fb6d22b8c18e62021-12-22 12:44:53.197root 11241100x80000000000000004020738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386eb67b365d27b2021-12-22 12:44:53.197root 11241100x80000000000000004020739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9690ca367588f1d2021-12-22 12:44:53.197root 11241100x80000000000000004020740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23662d20f43c37f2021-12-22 12:44:53.197root 11241100x80000000000000004020741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf75d8539d83dd52021-12-22 12:44:53.197root 11241100x80000000000000004020742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df567d2698a598982021-12-22 12:44:53.197root 11241100x80000000000000004020743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52a2cd173fcc1f72021-12-22 12:44:53.197root 11241100x80000000000000004020744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e402ceabdd359b32021-12-22 12:44:53.197root 11241100x80000000000000004020745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680cef9f0418c1042021-12-22 12:44:53.198root 11241100x80000000000000004020746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d8707d64cbc7f42021-12-22 12:44:53.198root 11241100x80000000000000004020747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57403b4a0f40db0c2021-12-22 12:44:53.198root 11241100x80000000000000004020748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2672b39b8b76f9de2021-12-22 12:44:53.198root 11241100x80000000000000004020749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365002a5ac1a7a912021-12-22 12:44:53.198root 11241100x80000000000000004020750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea93e07771bc9aa2021-12-22 12:44:53.692root 11241100x80000000000000004020751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5d110d8b1ef492021-12-22 12:44:53.693root 11241100x80000000000000004020752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e407b2c7eb31d0912021-12-22 12:44:53.693root 11241100x80000000000000004020753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c350272ccd8e812021-12-22 12:44:53.693root 11241100x80000000000000004020754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f9922836ce49de2021-12-22 12:44:53.693root 11241100x80000000000000004020755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bfb1c1dc94febd2021-12-22 12:44:53.694root 11241100x80000000000000004020756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dbbec08f8b1c602021-12-22 12:44:53.694root 11241100x80000000000000004020757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf45c2f81d1fc1b2021-12-22 12:44:53.694root 11241100x80000000000000004020758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c223e7d895978b5a2021-12-22 12:44:53.694root 11241100x80000000000000004020759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68287b73b40085742021-12-22 12:44:53.695root 11241100x80000000000000004020760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5de33e91fc77d22021-12-22 12:44:53.695root 11241100x80000000000000004020761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e618d48da3a4806c2021-12-22 12:44:53.695root 11241100x80000000000000004020762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e78ab5652557e62021-12-22 12:44:53.695root 11241100x80000000000000004020763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab15ca286798a15d2021-12-22 12:44:53.696root 11241100x80000000000000004020764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abdf31ae22536902021-12-22 12:44:53.696root 11241100x80000000000000004020765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5d6e530f073c42021-12-22 12:44:53.696root 11241100x80000000000000004020766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a39e2442ca18622021-12-22 12:44:53.696root 11241100x80000000000000004020767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b94931f501cee2021-12-22 12:44:53.696root 11241100x80000000000000004020768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5cedf9800c34f02021-12-22 12:44:53.696root 11241100x80000000000000004020769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8960f5b283fbc652021-12-22 12:44:53.696root 11241100x80000000000000004020770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a65eebeb6d926f2021-12-22 12:44:53.696root 11241100x80000000000000004020771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87517fdeac3f33d2021-12-22 12:44:53.697root 11241100x80000000000000004020772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6080b27c68e37a2021-12-22 12:44:53.697root 11241100x80000000000000004020773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad1622a88b79292021-12-22 12:44:53.697root 11241100x80000000000000004020774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fc2e57815f0152021-12-22 12:44:53.697root 11241100x80000000000000004020775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09c7526a29a2602021-12-22 12:44:53.697root 11241100x80000000000000004020776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78d2a930e9bc1db2021-12-22 12:44:53.697root 11241100x80000000000000004020777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28545151206aadf12021-12-22 12:44:53.697root 11241100x80000000000000004020778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf62d2bb15de812021-12-22 12:44:53.697root 11241100x80000000000000004020779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47964152d36faea12021-12-22 12:44:53.697root 11241100x80000000000000004020780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a08c95222720a2021-12-22 12:44:53.698root 11241100x80000000000000004020781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ea2848d267b8332021-12-22 12:44:53.698root 11241100x80000000000000004020782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6a26cb0a089f12021-12-22 12:44:53.698root 11241100x80000000000000004020783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5295c094fa667d072021-12-22 12:44:53.698root 11241100x80000000000000004020784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa51ff9c145fc4e92021-12-22 12:44:53.698root 11241100x80000000000000004020785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d093276c94b632021-12-22 12:44:53.698root 11241100x80000000000000004020786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c8c17b074c96a2021-12-22 12:44:53.698root 11241100x80000000000000004020787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e24848c2ce9f2d2021-12-22 12:44:53.698root 11241100x80000000000000004020788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c7d6da18c43f1e2021-12-22 12:44:53.698root 11241100x80000000000000004020789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853eb792854f32f92021-12-22 12:44:53.699root 11241100x80000000000000004020790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74eeea2af621382021-12-22 12:44:53.699root 11241100x80000000000000004020791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a213abda0f4cee2021-12-22 12:44:53.699root 11241100x80000000000000004020792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa44a670f9d01fa2021-12-22 12:44:53.699root 11241100x80000000000000004020793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61af8aeab57dffe2021-12-22 12:44:53.699root 11241100x80000000000000004020794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47f25945726a2802021-12-22 12:44:53.699root 11241100x80000000000000004020795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729652c57595db082021-12-22 12:44:53.699root 11241100x80000000000000004020796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d75db56e9475a72021-12-22 12:44:54.193root 11241100x80000000000000004020797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024444e817c7d5ed2021-12-22 12:44:54.193root 11241100x80000000000000004020798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b95bd00ccc01e2021-12-22 12:44:54.193root 11241100x80000000000000004020799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39acf6b36a3d25252021-12-22 12:44:54.194root 11241100x80000000000000004020800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a28e711fec2af02021-12-22 12:44:54.194root 11241100x80000000000000004020801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58d9a23a0b4cba2021-12-22 12:44:54.194root 11241100x80000000000000004020802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15f28ac09f5e882021-12-22 12:44:54.194root 11241100x80000000000000004020803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff14ba42c2368a202021-12-22 12:44:54.194root 11241100x80000000000000004020804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b48b5a6487e0c6a2021-12-22 12:44:54.194root 11241100x80000000000000004020805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280beb57d46ffdef2021-12-22 12:44:54.194root 11241100x80000000000000004020806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba16c1c9715ca712021-12-22 12:44:54.194root 11241100x80000000000000004020807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90573e3685eeb6572021-12-22 12:44:54.194root 11241100x80000000000000004020808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2169fb1ef19b43d2021-12-22 12:44:54.194root 11241100x80000000000000004020809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82845ad84814ffc72021-12-22 12:44:54.195root 11241100x80000000000000004020810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3647368cbf752d952021-12-22 12:44:54.195root 11241100x80000000000000004020811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d3fa3d17aafe882021-12-22 12:44:54.195root 11241100x80000000000000004020812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab7ea4fbb9ca3562021-12-22 12:44:54.195root 11241100x80000000000000004020813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657212142269474a2021-12-22 12:44:54.195root 11241100x80000000000000004020814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2bb9bbf95dd41b2021-12-22 12:44:54.195root 11241100x80000000000000004020815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33176ba606c4e2192021-12-22 12:44:54.195root 11241100x80000000000000004020816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050554432cc4697a2021-12-22 12:44:54.195root 11241100x80000000000000004020817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b007da65aca6d82021-12-22 12:44:54.196root 11241100x80000000000000004020818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ab73b43c8e0f62021-12-22 12:44:54.196root 11241100x80000000000000004020819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c11ab743301fc32021-12-22 12:44:54.196root 11241100x80000000000000004020820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb354bbab9c4c6e2021-12-22 12:44:54.196root 11241100x80000000000000004020821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30317357e047d0292021-12-22 12:44:54.196root 11241100x80000000000000004020822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a690f4f96fe86d2021-12-22 12:44:54.196root 11241100x80000000000000004020823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2eeb81e1cb94112021-12-22 12:44:54.196root 11241100x80000000000000004020824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19592f817dcb1ed82021-12-22 12:44:54.196root 11241100x80000000000000004020825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7677968003a3a722021-12-22 12:44:54.196root 11241100x80000000000000004020826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a508c357e11842021-12-22 12:44:54.196root 11241100x80000000000000004020827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af2731d50313f12021-12-22 12:44:54.197root 11241100x80000000000000004020828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab154f473d415342021-12-22 12:44:54.197root 11241100x80000000000000004020829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db93fba5dc0e3e4b2021-12-22 12:44:54.197root 11241100x80000000000000004020830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362480a8ec0143282021-12-22 12:44:54.197root 11241100x80000000000000004020831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286febc1199deca52021-12-22 12:44:54.197root 11241100x80000000000000004020832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a51a3b5ffdf4002021-12-22 12:44:54.197root 11241100x80000000000000004020833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f61a59b14673b2021-12-22 12:44:54.197root 11241100x80000000000000004020834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c847ded036218452021-12-22 12:44:54.197root 11241100x80000000000000004020835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c31751f1a7fabfd2021-12-22 12:44:54.197root 11241100x80000000000000004020836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd62f5b4c1ddab52021-12-22 12:44:54.197root 11241100x80000000000000004020837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1595d2631effa5292021-12-22 12:44:54.198root 11241100x80000000000000004020838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55e3b6a6d77bab2021-12-22 12:44:54.198root 11241100x80000000000000004020839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0f7cf57baaa99a2021-12-22 12:44:54.198root 11241100x80000000000000004020840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390605222818336f2021-12-22 12:44:54.198root 11241100x80000000000000004020841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe02377508bb9302021-12-22 12:44:54.198root 11241100x80000000000000004020842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194fde6263850dc32021-12-22 12:44:54.198root 11241100x80000000000000004020843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cfe2504dc703d2021-12-22 12:44:54.198root 11241100x80000000000000004020844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e441788030ab0ba2021-12-22 12:44:54.693root 11241100x80000000000000004020845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6fd578947b2d082021-12-22 12:44:54.693root 11241100x80000000000000004020846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde01ae099a7c692021-12-22 12:44:54.693root 11241100x80000000000000004020847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d711d19d762ac02021-12-22 12:44:54.693root 11241100x80000000000000004020848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b8685b5df7a8142021-12-22 12:44:54.693root 11241100x80000000000000004020849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc92ddc715382fde2021-12-22 12:44:54.693root 11241100x80000000000000004020850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eed9fc4dda453c2021-12-22 12:44:54.694root 11241100x80000000000000004020851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c4cd7c033e3dfb2021-12-22 12:44:54.694root 11241100x80000000000000004020852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2747344e37346f92021-12-22 12:44:54.694root 11241100x80000000000000004020853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4501b039b4309f2021-12-22 12:44:54.694root 11241100x80000000000000004020854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5370572728e46092021-12-22 12:44:54.694root 11241100x80000000000000004020855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b4cf9ddfb82a412021-12-22 12:44:54.694root 11241100x80000000000000004020856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965fc7a983a5ff232021-12-22 12:44:54.694root 11241100x80000000000000004020857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddb85ecb9e6dcc72021-12-22 12:44:54.694root 11241100x80000000000000004020858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae6c74cb70639e02021-12-22 12:44:54.694root 11241100x80000000000000004020859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f0d307f29261c2021-12-22 12:44:54.695root 11241100x80000000000000004020860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25cbd9d863b25e2021-12-22 12:44:54.695root 11241100x80000000000000004020861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a03cee2c972702021-12-22 12:44:54.695root 11241100x80000000000000004020862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4e962a487f0cd72021-12-22 12:44:54.695root 11241100x80000000000000004020863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097a0f19c4e7baa52021-12-22 12:44:54.695root 11241100x80000000000000004020864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539156dfaea81b222021-12-22 12:44:54.695root 11241100x80000000000000004020865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e19b79d854b95c2021-12-22 12:44:54.695root 11241100x80000000000000004020866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de96a5d5e15c88f2021-12-22 12:44:54.695root 11241100x80000000000000004020867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086fb3f65d2b1c1c2021-12-22 12:44:54.695root 11241100x80000000000000004020868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa973258f90bda52021-12-22 12:44:54.696root 11241100x80000000000000004020869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9619d67e7c5b6462021-12-22 12:44:54.696root 11241100x80000000000000004020870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcff386d4a8bdce2021-12-22 12:44:54.696root 11241100x80000000000000004020871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a449f9d15291de2021-12-22 12:44:54.696root 11241100x80000000000000004020872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2023cc3bc13af49a2021-12-22 12:44:54.696root 11241100x80000000000000004020873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456da94fc56db462021-12-22 12:44:54.696root 11241100x80000000000000004020874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f68b109a0fde43c2021-12-22 12:44:54.696root 11241100x80000000000000004020875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa911984169127b2021-12-22 12:44:54.696root 11241100x80000000000000004020876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff03c020bf8af6752021-12-22 12:44:54.697root 11241100x80000000000000004020877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67488c2b9dc5f232021-12-22 12:44:54.697root 11241100x80000000000000004020878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af3e8d8055d4db2021-12-22 12:44:54.697root 11241100x80000000000000004020879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2b983afeda4d12021-12-22 12:44:54.697root 11241100x80000000000000004020880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155ecf49ae3fbab72021-12-22 12:44:54.698root 11241100x80000000000000004020881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c107312b11405b42021-12-22 12:44:54.698root 11241100x80000000000000004020882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca7a83ac396b452021-12-22 12:44:54.698root 11241100x80000000000000004020883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596704b2c33dc6bf2021-12-22 12:44:54.698root 11241100x80000000000000004020884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f741a5606f68042021-12-22 12:44:54.699root 11241100x80000000000000004020885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7bca5f998ec74d2021-12-22 12:44:54.699root 11241100x80000000000000004020886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c454c77f122bbb2021-12-22 12:44:54.699root 11241100x80000000000000004020887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb50ae4b3cdcc02021-12-22 12:44:54.699root 354300x80000000000000004020888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.151{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56850-false10.0.1.12-8000- 11241100x80000000000000004020889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6025d2e7f610dff2021-12-22 12:44:55.152root 11241100x80000000000000004020890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3039d46d2513522021-12-22 12:44:55.152root 11241100x80000000000000004020891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a1a2bab77e7002021-12-22 12:44:55.152root 11241100x80000000000000004020892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20c23e8908565a12021-12-22 12:44:55.152root 11241100x80000000000000004020893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5b24d59698e232021-12-22 12:44:55.152root 11241100x80000000000000004020894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b95972678484b2021-12-22 12:44:55.152root 11241100x80000000000000004020895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f87f911cca54a2021-12-22 12:44:55.153root 11241100x80000000000000004020896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3e921de3991a232021-12-22 12:44:55.153root 11241100x80000000000000004020897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ba13094a79a1972021-12-22 12:44:55.153root 11241100x80000000000000004020898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc36b744c16c39412021-12-22 12:44:55.153root 11241100x80000000000000004020899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c57ff7b74b8792021-12-22 12:44:55.153root 11241100x80000000000000004020900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae2cef502e54922021-12-22 12:44:55.153root 11241100x80000000000000004020901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2679026252ae68c2021-12-22 12:44:55.153root 11241100x80000000000000004020902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44dfd7cd0db1a542021-12-22 12:44:55.153root 11241100x80000000000000004020903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcea474c51dc1022021-12-22 12:44:55.153root 11241100x80000000000000004020904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254c84349d610e362021-12-22 12:44:55.153root 11241100x80000000000000004020905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da04294eb0456f422021-12-22 12:44:55.153root 11241100x80000000000000004020906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c20dfe3f10a0c92021-12-22 12:44:55.153root 11241100x80000000000000004020907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fd56f7b44ac7722021-12-22 12:44:55.153root 11241100x80000000000000004020908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8697d6b48cd337f92021-12-22 12:44:55.153root 11241100x80000000000000004020909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d8382a0be71852021-12-22 12:44:55.153root 11241100x80000000000000004020910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc057cf54d35fe02021-12-22 12:44:55.154root 11241100x80000000000000004020911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21c54d4efa83552021-12-22 12:44:55.154root 11241100x80000000000000004020912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9dbffaacceb932021-12-22 12:44:55.154root 11241100x80000000000000004020913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46943a90dee5fdb62021-12-22 12:44:55.154root 11241100x80000000000000004020914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03baaf23d28a132021-12-22 12:44:55.154root 11241100x80000000000000004020915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68da68c9b6cd83232021-12-22 12:44:55.154root 11241100x80000000000000004020916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc417bbbb4a0aa82021-12-22 12:44:55.154root 11241100x80000000000000004020917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fc79cf97161dc62021-12-22 12:44:55.154root 11241100x80000000000000004020918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb4a483e0ee4c02021-12-22 12:44:55.154root 11241100x80000000000000004020919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505e5c616cb9c8fb2021-12-22 12:44:55.154root 11241100x80000000000000004020920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575145205e28a5952021-12-22 12:44:55.154root 11241100x80000000000000004020921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2085c9f75ef6b72021-12-22 12:44:55.154root 11241100x80000000000000004020922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879109191cb260a2021-12-22 12:44:55.154root 11241100x80000000000000004020923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c48736dc7ec67a2021-12-22 12:44:55.154root 11241100x80000000000000004020924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b81af32934d362021-12-22 12:44:55.154root 11241100x80000000000000004020925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21d99a75dd24682021-12-22 12:44:55.155root 11241100x80000000000000004020926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789773003c9190f2021-12-22 12:44:55.155root 11241100x80000000000000004020927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083917673129b76f2021-12-22 12:44:55.155root 11241100x80000000000000004020928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2aa178d44924e2021-12-22 12:44:55.155root 11241100x80000000000000004020929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad34867410cb252021-12-22 12:44:55.155root 11241100x80000000000000004020930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5596c766e336242021-12-22 12:44:55.155root 11241100x80000000000000004020931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c306f462b427d5672021-12-22 12:44:55.155root 11241100x80000000000000004020932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c011f36732a31712021-12-22 12:44:55.155root 11241100x80000000000000004020933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a2e9c823c0c9ac2021-12-22 12:44:55.155root 11241100x80000000000000004020934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09bf79d18265bb42021-12-22 12:44:55.155root 11241100x80000000000000004020935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ace3ef380d9d7c2021-12-22 12:44:55.155root 11241100x80000000000000004020936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab374db69883b5d2021-12-22 12:44:55.155root 11241100x80000000000000004020937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919dfa51dead281e2021-12-22 12:44:55.156root 11241100x80000000000000004020938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e92486e399f3f92021-12-22 12:44:55.156root 11241100x80000000000000004020939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3058c148fd8fe58a2021-12-22 12:44:55.156root 11241100x80000000000000004020940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492ea85ec51cef882021-12-22 12:44:55.156root 11241100x80000000000000004020941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2cbf0280581562021-12-22 12:44:55.156root 11241100x80000000000000004020942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909e10420a1b140a2021-12-22 12:44:55.156root 11241100x80000000000000004020943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa58f7020c1c2272021-12-22 12:44:55.156root 11241100x80000000000000004020944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af3bf2eacaf758c2021-12-22 12:44:55.156root 11241100x80000000000000004020945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004ea57cb2a76422021-12-22 12:44:55.156root 11241100x80000000000000004020946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1700f752f508f5392021-12-22 12:44:55.156root 11241100x80000000000000004020947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1f2833134015492021-12-22 12:44:55.157root 11241100x80000000000000004020948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6731c0ecaea72532021-12-22 12:44:55.157root 11241100x80000000000000004020949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe894f951b44842021-12-22 12:44:55.157root 11241100x80000000000000004020950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc28bc7ba09845e32021-12-22 12:44:55.157root 11241100x80000000000000004020951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dc09b4f66044662021-12-22 12:44:55.157root 11241100x80000000000000004020952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75700ccd1a262c402021-12-22 12:44:55.157root 11241100x80000000000000004020953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4fa81c01edbd82021-12-22 12:44:55.157root 11241100x80000000000000004020954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37855750337798022021-12-22 12:44:55.157root 11241100x80000000000000004020955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4959bcde4d5af6a02021-12-22 12:44:55.157root 11241100x80000000000000004020956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363cf3d5fe3903c72021-12-22 12:44:55.157root 11241100x80000000000000004020957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03409e54c01fe752021-12-22 12:44:55.158root 11241100x80000000000000004020958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373d55cf17dba7162021-12-22 12:44:55.158root 154100x80000000000000004020959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.170{ec2b6afe-1dc7-61c3-504d-42775a550000}22716/bin/kmod-----lsmod/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.175{ec2b6afe-1dc7-61c3-504d-42775a550000}22716/bin/kmodubuntu 11241100x80000000000000004020961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da1a87cbe8e6a12021-12-22 12:44:55.443root 11241100x80000000000000004020962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e42be58b6e0b302021-12-22 12:44:55.443root 11241100x80000000000000004020963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0586e43c97c9542021-12-22 12:44:55.443root 11241100x80000000000000004020964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699c9622ca1ab2452021-12-22 12:44:55.444root 11241100x80000000000000004020965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5ce1a374e1afb22021-12-22 12:44:55.444root 11241100x80000000000000004020966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ece91b877026192021-12-22 12:44:55.444root 11241100x80000000000000004020967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97b362c173bc4062021-12-22 12:44:55.444root 11241100x80000000000000004020968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eff93150e4a6912021-12-22 12:44:55.444root 11241100x80000000000000004020969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c4bfb9c10a1732021-12-22 12:44:55.444root 11241100x80000000000000004020970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b467c2a367703d2021-12-22 12:44:55.444root 11241100x80000000000000004020971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668094f7112571ee2021-12-22 12:44:55.444root 11241100x80000000000000004020972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3399774731b8d2a02021-12-22 12:44:55.444root 11241100x80000000000000004020973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7693f83f8c2253182021-12-22 12:44:55.444root 11241100x80000000000000004020974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098535954cb1b8c52021-12-22 12:44:55.444root 11241100x80000000000000004020975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8fc0d50ae0c3fd2021-12-22 12:44:55.444root 11241100x80000000000000004020976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec1552da493dcc2021-12-22 12:44:55.444root 11241100x80000000000000004020977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7207fe419a59b2021-12-22 12:44:55.445root 11241100x80000000000000004020978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a378f3a454a1f81d2021-12-22 12:44:55.445root 11241100x80000000000000004020979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd0636f9a74442021-12-22 12:44:55.445root 11241100x80000000000000004020980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb02c6d3c613fb72021-12-22 12:44:55.445root 11241100x80000000000000004020981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52aeade58fbedb62021-12-22 12:44:55.445root 11241100x80000000000000004020982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c5c7baca2081912021-12-22 12:44:55.445root 11241100x80000000000000004020983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c2c34be9c41572021-12-22 12:44:55.445root 11241100x80000000000000004020984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be14fa15ca6051a2021-12-22 12:44:55.445root 11241100x80000000000000004020985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9982e0f5be1c8c5d2021-12-22 12:44:55.445root 11241100x80000000000000004020986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82754223df0d98eb2021-12-22 12:44:55.445root 11241100x80000000000000004020987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f2540dedece9e72021-12-22 12:44:55.445root 11241100x80000000000000004020988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd723e74a4e463d2021-12-22 12:44:55.445root 11241100x80000000000000004020989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3114132aece102eb2021-12-22 12:44:55.445root 11241100x80000000000000004020990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230091c015f11462021-12-22 12:44:55.445root 11241100x80000000000000004020991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32a9922a93caf212021-12-22 12:44:55.445root 11241100x80000000000000004020992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795baf3eea0074c42021-12-22 12:44:55.445root 11241100x80000000000000004020993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422c47facab54262021-12-22 12:44:55.446root 11241100x80000000000000004020994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d966ffd8255450e2021-12-22 12:44:55.446root 11241100x80000000000000004020995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361f3464c7424e2021-12-22 12:44:55.446root 11241100x80000000000000004020996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527eca0982d4ff22021-12-22 12:44:55.446root 11241100x80000000000000004020997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d51bd610b492da2021-12-22 12:44:55.446root 11241100x80000000000000004020998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd87fc5929e1a7882021-12-22 12:44:55.446root 11241100x80000000000000004020999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cf387b1e3eae402021-12-22 12:44:55.446root 11241100x80000000000000004021000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d129e92bb3cd6da2021-12-22 12:44:55.446root 11241100x80000000000000004021001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287ae8ac76a05da2021-12-22 12:44:55.446root 11241100x80000000000000004021002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6536dd03cc95c6cc2021-12-22 12:44:55.446root 11241100x80000000000000004021003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba322da8c1437a792021-12-22 12:44:55.446root 11241100x80000000000000004021004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd455cce6a8bd0a2021-12-22 12:44:55.446root 11241100x80000000000000004021005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec251b592096d8bf2021-12-22 12:44:55.446root 11241100x80000000000000004021006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32dea2c64211382021-12-22 12:44:55.943root 11241100x80000000000000004021007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e1663dca1b3bdf2021-12-22 12:44:55.943root 11241100x80000000000000004021008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c190e18245cb8fe12021-12-22 12:44:55.943root 11241100x80000000000000004021009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00e69d865299352021-12-22 12:44:55.943root 11241100x80000000000000004021010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8f7502a91feca22021-12-22 12:44:55.943root 11241100x80000000000000004021011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3126a27fd2afb132021-12-22 12:44:55.943root 11241100x80000000000000004021012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705bb321776041972021-12-22 12:44:55.943root 11241100x80000000000000004021013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dffa1810576b7922021-12-22 12:44:55.943root 11241100x80000000000000004021014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55662389701459c2021-12-22 12:44:55.943root 11241100x80000000000000004021015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321258771885e5102021-12-22 12:44:55.944root 11241100x80000000000000004021016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df682656a5fb9322021-12-22 12:44:55.944root 11241100x80000000000000004021017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2f5f30c79f20ff2021-12-22 12:44:55.944root 11241100x80000000000000004021018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a4bff20fc0ea9b2021-12-22 12:44:55.944root 11241100x80000000000000004021019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c1d3bbd9648352021-12-22 12:44:55.944root 11241100x80000000000000004021020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757b23750e4c05a92021-12-22 12:44:55.944root 11241100x80000000000000004021021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f69effe549113d92021-12-22 12:44:55.944root 11241100x80000000000000004021022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77082684ba06bd22021-12-22 12:44:55.944root 11241100x80000000000000004021023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083e1d3f7f779882021-12-22 12:44:55.944root 11241100x80000000000000004021024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c957d26a98763c92021-12-22 12:44:55.944root 11241100x80000000000000004021025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec79303a53b1ae42021-12-22 12:44:55.945root 11241100x80000000000000004021026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcc9d17f4d24d212021-12-22 12:44:55.945root 11241100x80000000000000004021027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661dc7a1d50de9012021-12-22 12:44:55.945root 11241100x80000000000000004021028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871efdab93cb61432021-12-22 12:44:55.945root 11241100x80000000000000004021029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed82560a3f1e5732021-12-22 12:44:55.945root 11241100x80000000000000004021030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37760ec834514db32021-12-22 12:44:55.945root 11241100x80000000000000004021031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c19548cf2beb17e2021-12-22 12:44:55.945root 11241100x80000000000000004021032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cda799727082062021-12-22 12:44:55.945root 11241100x80000000000000004021033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9da72740d16be2021-12-22 12:44:55.945root 11241100x80000000000000004021034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa503a6f38dbc2f2021-12-22 12:44:55.945root 11241100x80000000000000004021035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dc3731445fc0cf2021-12-22 12:44:55.946root 11241100x80000000000000004021036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4712a8cbcacc932021-12-22 12:44:55.946root 11241100x80000000000000004021037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31fb86caf2d18852021-12-22 12:44:55.946root 11241100x80000000000000004021038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9c8ecef6a12c9d2021-12-22 12:44:55.946root 11241100x80000000000000004021039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff158bacb097b942021-12-22 12:44:55.946root 11241100x80000000000000004021040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1179d4ef773c2ca62021-12-22 12:44:55.946root 11241100x80000000000000004021041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e1d19dd61e6b92021-12-22 12:44:55.946root 11241100x80000000000000004021042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c6b0b0c456b152021-12-22 12:44:55.946root 11241100x80000000000000004021043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab08a77e940103e82021-12-22 12:44:55.946root 11241100x80000000000000004021044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d170c599678a87b2021-12-22 12:44:55.946root 11241100x80000000000000004021045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c863ef78a3c9e02021-12-22 12:44:55.946root 11241100x80000000000000004021046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0f995107e962632021-12-22 12:44:55.947root 11241100x80000000000000004021047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9048fffae335e4b2021-12-22 12:44:55.947root 11241100x80000000000000004021048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f154c3d0a9a77bfd2021-12-22 12:44:55.947root 11241100x80000000000000004021049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a953c8e6214362021-12-22 12:44:55.947root 11241100x80000000000000004021050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38520fb5a7554c8b2021-12-22 12:44:55.947root 11241100x80000000000000004021051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d95a9b15ed54c2021-12-22 12:44:55.947root 11241100x80000000000000004021052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfc6d2fc32ed1dc2021-12-22 12:44:56.443root 11241100x80000000000000004021053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b694aaaa7b43d2021-12-22 12:44:56.443root 11241100x80000000000000004021054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a8dd36adda6c12021-12-22 12:44:56.443root 11241100x80000000000000004021055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ac5a9b5d93af22021-12-22 12:44:56.443root 11241100x80000000000000004021056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67207ecb5069f72021-12-22 12:44:56.444root 11241100x80000000000000004021057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a6c893b4592642021-12-22 12:44:56.444root 11241100x80000000000000004021058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abd4e04e3f674222021-12-22 12:44:56.444root 11241100x80000000000000004021059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1175d7b14a13102021-12-22 12:44:56.444root 11241100x80000000000000004021060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731c88fdf6893b122021-12-22 12:44:56.444root 11241100x80000000000000004021061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea2925d41e4213f2021-12-22 12:44:56.444root 11241100x80000000000000004021062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b724e14b60c1ad12021-12-22 12:44:56.444root 11241100x80000000000000004021063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d2befa4e874ba2021-12-22 12:44:56.444root 11241100x80000000000000004021064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b4c3ee7a2403f2021-12-22 12:44:56.444root 11241100x80000000000000004021065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9037fe2a7e3d3492021-12-22 12:44:56.444root 11241100x80000000000000004021066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b695f7836cc865562021-12-22 12:44:56.444root 11241100x80000000000000004021067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1500164d70d82e8f2021-12-22 12:44:56.444root 11241100x80000000000000004021068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a845dca170b3bfc22021-12-22 12:44:56.444root 11241100x80000000000000004021069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ca03b3d3658302021-12-22 12:44:56.444root 11241100x80000000000000004021070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4c54b9ed1d3f22021-12-22 12:44:56.445root 11241100x80000000000000004021071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e846f470e2954d4e2021-12-22 12:44:56.445root 11241100x80000000000000004021072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9cb00b6d1fad4c2021-12-22 12:44:56.445root 11241100x80000000000000004021073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52175f86d541ba062021-12-22 12:44:56.445root 11241100x80000000000000004021074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00393c72833217e12021-12-22 12:44:56.445root 11241100x80000000000000004021075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7a7b3663d070dc2021-12-22 12:44:56.445root 11241100x80000000000000004021076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654198ea30595c72021-12-22 12:44:56.445root 11241100x80000000000000004021077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c77457dc36dd53a2021-12-22 12:44:56.445root 11241100x80000000000000004021078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e77530e864d982021-12-22 12:44:56.445root 11241100x80000000000000004021079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9fa30a647ded0c2021-12-22 12:44:56.445root 11241100x80000000000000004021080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647079a43ddca4522021-12-22 12:44:56.445root 11241100x80000000000000004021081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eab185a721f072021-12-22 12:44:56.445root 11241100x80000000000000004021082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626e2fed5435a0c2021-12-22 12:44:56.445root 11241100x80000000000000004021083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f28672ab5a5caf2021-12-22 12:44:56.445root 11241100x80000000000000004021084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8dd5b395f854f02021-12-22 12:44:56.445root 11241100x80000000000000004021085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8649bfe59d6d8322021-12-22 12:44:56.446root 11241100x80000000000000004021086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fa008d87afa38c2021-12-22 12:44:56.446root 11241100x80000000000000004021087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa34de34db76d8e2021-12-22 12:44:56.446root 11241100x80000000000000004021088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39320a2935022362021-12-22 12:44:56.446root 11241100x80000000000000004021089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae436466dccbe52021-12-22 12:44:56.446root 11241100x80000000000000004021090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e78b71e6c30ebae2021-12-22 12:44:56.446root 11241100x80000000000000004021091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4a80acc32dce42021-12-22 12:44:56.446root 11241100x80000000000000004021092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01a9dfb38b9ddc72021-12-22 12:44:56.446root 11241100x80000000000000004021093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82201f2437153fbe2021-12-22 12:44:56.446root 11241100x80000000000000004021094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6dab2ae5cf784c2021-12-22 12:44:56.446root 11241100x80000000000000004021095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89578e31387a12fb2021-12-22 12:44:56.446root 11241100x80000000000000004021096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20702e0fb3b69df52021-12-22 12:44:56.942root 11241100x80000000000000004021097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5020cef36dea13532021-12-22 12:44:56.943root 11241100x80000000000000004021098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff151346289b6b6a2021-12-22 12:44:56.943root 11241100x80000000000000004021099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93807f41e22e5552021-12-22 12:44:56.943root 11241100x80000000000000004021100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1013acf5edf6d6862021-12-22 12:44:56.943root 11241100x80000000000000004021101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a86bdc0cc0b5682021-12-22 12:44:56.943root 11241100x80000000000000004021102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ae435d6a4f9d262021-12-22 12:44:56.943root 11241100x80000000000000004021103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425017a6dc68043e2021-12-22 12:44:56.943root 11241100x80000000000000004021104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ce3c858f871372021-12-22 12:44:56.943root 11241100x80000000000000004021105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759891edc67bf4c2021-12-22 12:44:56.944root 11241100x80000000000000004021106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e304246404b2d2352021-12-22 12:44:56.944root 11241100x80000000000000004021107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d0d0ca57e91f82021-12-22 12:44:56.944root 11241100x80000000000000004021108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6143bb1c84f942021-12-22 12:44:56.944root 11241100x80000000000000004021109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601d3abffb7cab12021-12-22 12:44:56.944root 11241100x80000000000000004021110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f740e25e43c6c24d2021-12-22 12:44:56.944root 11241100x80000000000000004021111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1007451957a23f322021-12-22 12:44:56.944root 11241100x80000000000000004021112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907dd0e4a79fc94c2021-12-22 12:44:56.944root 11241100x80000000000000004021113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12029f18c800cb4f2021-12-22 12:44:56.945root 11241100x80000000000000004021114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce6ccdf965510192021-12-22 12:44:56.945root 11241100x80000000000000004021115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06c8377b93966b2021-12-22 12:44:56.945root 11241100x80000000000000004021116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f846700bdc25d8a2021-12-22 12:44:56.945root 11241100x80000000000000004021117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c183a1238ec5232021-12-22 12:44:56.945root 11241100x80000000000000004021118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ba401caed1e692021-12-22 12:44:56.945root 11241100x80000000000000004021119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9942f8f2a3a5de2021-12-22 12:44:56.945root 11241100x80000000000000004021120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b771451d94fe82021-12-22 12:44:56.946root 11241100x80000000000000004021121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099de28688e0a85e2021-12-22 12:44:56.946root 11241100x80000000000000004021122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a940b94bfc2e592021-12-22 12:44:56.946root 11241100x80000000000000004021123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e31f30e3ae042b02021-12-22 12:44:56.946root 11241100x80000000000000004021124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0b372237e5e862021-12-22 12:44:56.948root 11241100x80000000000000004021125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214c46a08377cc3b2021-12-22 12:44:56.948root 11241100x80000000000000004021126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292b56bb41abfcf22021-12-22 12:44:56.948root 11241100x80000000000000004021127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f86380210a0282021-12-22 12:44:56.948root 11241100x80000000000000004021128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c361ab52b68822021-12-22 12:44:56.948root 11241100x80000000000000004021129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129cba8120ad4c32021-12-22 12:44:56.949root 11241100x80000000000000004021130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde6c74a4e66f2882021-12-22 12:44:56.949root 11241100x80000000000000004021131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8f530922c2ac632021-12-22 12:44:56.949root 11241100x80000000000000004021132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39f1191b9b7d3a92021-12-22 12:44:56.949root 11241100x80000000000000004021133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a948c86d72dc0c2021-12-22 12:44:56.949root 11241100x80000000000000004021134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd869b23a263f032021-12-22 12:44:56.949root 11241100x80000000000000004021135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bcee128d878c9b2021-12-22 12:44:56.949root 11241100x80000000000000004021136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92dc78538428192021-12-22 12:44:56.949root 11241100x80000000000000004021137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559bbca267beede12021-12-22 12:44:56.950root 11241100x80000000000000004021138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e550da4d10819c2021-12-22 12:44:56.950root 11241100x80000000000000004021139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6881717bb1f68a22021-12-22 12:44:56.950root 11241100x80000000000000004021140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030f94f4d42f7062021-12-22 12:44:56.950root 11241100x80000000000000004021141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2883ee88ffcf852021-12-22 12:44:56.951root 11241100x80000000000000004021142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb603a12b60dc552021-12-22 12:44:56.951root 11241100x80000000000000004021143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f16367aebbef2a2021-12-22 12:44:56.952root 11241100x80000000000000004021144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b551f0354f8f72021-12-22 12:44:56.952root 11241100x80000000000000004021145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f263691223fd742021-12-22 12:44:56.952root 11241100x80000000000000004021146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaff78695ae5f992021-12-22 12:44:57.443root 11241100x80000000000000004021147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcdee4537f3d8d2021-12-22 12:44:57.443root 11241100x80000000000000004021148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e191bb4e93869db2021-12-22 12:44:57.444root 11241100x80000000000000004021149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325255bf89e570bd2021-12-22 12:44:57.444root 11241100x80000000000000004021150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e6b060120dce942021-12-22 12:44:57.444root 11241100x80000000000000004021151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7b707f96951d972021-12-22 12:44:57.444root 11241100x80000000000000004021152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cf3d23436ddf282021-12-22 12:44:57.444root 11241100x80000000000000004021153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e8e25c3214c5ef2021-12-22 12:44:57.444root 11241100x80000000000000004021154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5054b3549dfa23452021-12-22 12:44:57.445root 11241100x80000000000000004021155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b8cdf50b4c0232021-12-22 12:44:57.445root 11241100x80000000000000004021156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef268de5a72edd5e2021-12-22 12:44:57.445root 11241100x80000000000000004021157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2ed33d535a1302021-12-22 12:44:57.445root 11241100x80000000000000004021158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c57a315084f26f2021-12-22 12:44:57.445root 11241100x80000000000000004021159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa73b0fb94d7cc82021-12-22 12:44:57.445root 11241100x80000000000000004021160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f1b5873cae3d62021-12-22 12:44:57.445root 11241100x80000000000000004021161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a1531a66769da2021-12-22 12:44:57.445root 11241100x80000000000000004021162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f912dd24664b3fcc2021-12-22 12:44:57.445root 11241100x80000000000000004021163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df62a0b6ad12b3432021-12-22 12:44:57.445root 11241100x80000000000000004021164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c96eabd91b8b1a2021-12-22 12:44:57.446root 11241100x80000000000000004021165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd4508861a6d88a2021-12-22 12:44:57.446root 11241100x80000000000000004021166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727f36d34c4ba7c2021-12-22 12:44:57.446root 11241100x80000000000000004021167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2aaba925f2f3b2021-12-22 12:44:57.446root 11241100x80000000000000004021168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f0986d14e0a002021-12-22 12:44:57.446root 11241100x80000000000000004021169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fdfe3c5769f3972021-12-22 12:44:57.446root 11241100x80000000000000004021170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9422a1126f8cfd02021-12-22 12:44:57.446root 11241100x80000000000000004021171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3cc25f2edb2afb2021-12-22 12:44:57.446root 11241100x80000000000000004021172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880068b203d017682021-12-22 12:44:57.446root 11241100x80000000000000004021173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea598b01e9c43f402021-12-22 12:44:57.446root 11241100x80000000000000004021174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5f56b80fdfebe2021-12-22 12:44:57.447root 11241100x80000000000000004021175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbbb4a9fd91a14b2021-12-22 12:44:57.447root 11241100x80000000000000004021176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94770224ef475e102021-12-22 12:44:57.447root 11241100x80000000000000004021177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd2f12d88e89902021-12-22 12:44:57.447root 11241100x80000000000000004021178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db5f3661c379ca2021-12-22 12:44:57.448root 11241100x80000000000000004021179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f37d43e075b8f32021-12-22 12:44:57.448root 11241100x80000000000000004021180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5383c969dca8ceeb2021-12-22 12:44:57.449root 11241100x80000000000000004021181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e94a9132c68692021-12-22 12:44:57.449root 11241100x80000000000000004021182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220d2916b5e997652021-12-22 12:44:57.450root 11241100x80000000000000004021183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83054e5f67b0eeeb2021-12-22 12:44:57.450root 11241100x80000000000000004021184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a153e2a9c4aaa02b2021-12-22 12:44:57.450root 11241100x80000000000000004021185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f848fb5715c9dff02021-12-22 12:44:57.450root 11241100x80000000000000004021186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a21f0456ac733d2021-12-22 12:44:57.451root 11241100x80000000000000004021187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609dcf3ef57f56822021-12-22 12:44:57.451root 11241100x80000000000000004021188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f8acb5f3a00552021-12-22 12:44:57.451root 11241100x80000000000000004021189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e103e4b15e4c4742021-12-22 12:44:57.451root 11241100x80000000000000004021190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a3bbb30de69742021-12-22 12:44:57.452root 11241100x80000000000000004021191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e33f44743755fe2021-12-22 12:44:57.452root 11241100x80000000000000004021192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0952ce25ed64a2021-12-22 12:44:57.452root 11241100x80000000000000004021193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8902f62bf1751762021-12-22 12:44:57.943root 11241100x80000000000000004021194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6d90153829ac152021-12-22 12:44:57.943root 11241100x80000000000000004021195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056e7514fcc2c1972021-12-22 12:44:57.943root 11241100x80000000000000004021196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15b89d3fd77a2cb2021-12-22 12:44:57.943root 11241100x80000000000000004021197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d673e2ecd5bb982021-12-22 12:44:57.944root 11241100x80000000000000004021198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45876352522505722021-12-22 12:44:57.944root 11241100x80000000000000004021199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f1851937d6ac5f2021-12-22 12:44:57.944root 11241100x80000000000000004021200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39235c72f093ad2021-12-22 12:44:57.944root 11241100x80000000000000004021201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60209488715d7c22021-12-22 12:44:57.944root 11241100x80000000000000004021202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd88e9a065e3238a2021-12-22 12:44:57.944root 11241100x80000000000000004021203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa08e2006a58fc2021-12-22 12:44:57.945root 11241100x80000000000000004021204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c46a20f698b2c412021-12-22 12:44:57.945root 11241100x80000000000000004021205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc952b9676c99a2021-12-22 12:44:57.945root 11241100x80000000000000004021206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c457d3d1e3519a2021-12-22 12:44:57.945root 11241100x80000000000000004021207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd3afcc51d7efb2021-12-22 12:44:57.945root 11241100x80000000000000004021208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e10d7d0df333ea2021-12-22 12:44:57.945root 11241100x80000000000000004021209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bf64dca552b38f2021-12-22 12:44:57.945root 11241100x80000000000000004021210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d90959a39ef122021-12-22 12:44:57.945root 11241100x80000000000000004021211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ec3b67f83e3512021-12-22 12:44:57.945root 11241100x80000000000000004021212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fb3c1f96b049f92021-12-22 12:44:57.945root 11241100x80000000000000004021213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0077c57644c6f8882021-12-22 12:44:57.945root 11241100x80000000000000004021214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5766b9dea0a52682021-12-22 12:44:57.946root 11241100x80000000000000004021215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e7ee84d6e99fc62021-12-22 12:44:57.946root 11241100x80000000000000004021216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1817a73458257b2021-12-22 12:44:57.946root 11241100x80000000000000004021217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0a820f6d3a712c2021-12-22 12:44:57.946root 11241100x80000000000000004021218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cfa31315891c6c2021-12-22 12:44:57.946root 11241100x80000000000000004021219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3d6bb0989d4b172021-12-22 12:44:57.946root 11241100x80000000000000004021220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc83fa35d43bf892021-12-22 12:44:57.947root 11241100x80000000000000004021221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1d0e61b9cde5b2021-12-22 12:44:57.947root 11241100x80000000000000004021222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4616548f3b3c0e9f2021-12-22 12:44:57.947root 11241100x80000000000000004021223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2409f020a566be2021-12-22 12:44:57.947root 11241100x80000000000000004021224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49a4b573fd13e0f2021-12-22 12:44:57.948root 11241100x80000000000000004021225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b910a70740fed98c2021-12-22 12:44:57.948root 11241100x80000000000000004021226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec90e5df9504902021-12-22 12:44:57.948root 11241100x80000000000000004021227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef32cf2c4896b792021-12-22 12:44:57.948root 11241100x80000000000000004021228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a99b33c268feb532021-12-22 12:44:57.949root 11241100x80000000000000004021229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8981168206e2f52021-12-22 12:44:57.949root 11241100x80000000000000004021230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4332c5f439cd5af42021-12-22 12:44:57.949root 11241100x80000000000000004021231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014d3094b21b97b2021-12-22 12:44:57.949root 11241100x80000000000000004021232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add852dd83941e92021-12-22 12:44:57.949root 11241100x80000000000000004021233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28925f09f5cacffe2021-12-22 12:44:57.949root 11241100x80000000000000004021234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db1bbd2231ea372021-12-22 12:44:57.950root 11241100x80000000000000004021235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69c956fa1a8b9f72021-12-22 12:44:57.950root 11241100x80000000000000004021236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21367c14af070bf02021-12-22 12:44:58.443root 11241100x80000000000000004021237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51c9f73dd41d0ff2021-12-22 12:44:58.443root 11241100x80000000000000004021238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb909d3148910e22021-12-22 12:44:58.443root 11241100x80000000000000004021239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a8bc422d903a12021-12-22 12:44:58.443root 11241100x80000000000000004021240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e83fc08510ef7a32021-12-22 12:44:58.443root 11241100x80000000000000004021241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580cb2866685a53c2021-12-22 12:44:58.444root 11241100x80000000000000004021242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0322b31d5b0f8b32021-12-22 12:44:58.444root 11241100x80000000000000004021243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5b2e0b417d12dd2021-12-22 12:44:58.444root 11241100x80000000000000004021244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d407ea375effe162021-12-22 12:44:58.444root 11241100x80000000000000004021245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e034e5b40e774e2021-12-22 12:44:58.444root 11241100x80000000000000004021246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdea6b9cd2d83332021-12-22 12:44:58.444root 11241100x80000000000000004021247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe57d7b10978c0a2021-12-22 12:44:58.444root 11241100x80000000000000004021248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d3f59b4e812c2d2021-12-22 12:44:58.444root 11241100x80000000000000004021249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b7a3b9aa3610a2021-12-22 12:44:58.444root 11241100x80000000000000004021250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb26a8a86799b82021-12-22 12:44:58.444root 11241100x80000000000000004021251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8444e9f12705012021-12-22 12:44:58.445root 11241100x80000000000000004021252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c70cd5e1964f612021-12-22 12:44:58.445root 11241100x80000000000000004021253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7125cd8414eec12021-12-22 12:44:58.445root 11241100x80000000000000004021254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b37b55be75e53f2021-12-22 12:44:58.445root 11241100x80000000000000004021255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f775e69ac0e1007a2021-12-22 12:44:58.445root 11241100x80000000000000004021256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1b8ff4b22173ce2021-12-22 12:44:58.445root 11241100x80000000000000004021257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8034df676957c842021-12-22 12:44:58.445root 11241100x80000000000000004021258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525de47e5ab174972021-12-22 12:44:58.445root 11241100x80000000000000004021259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5ea629d48ddc032021-12-22 12:44:58.445root 11241100x80000000000000004021260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c3331b0831c5992021-12-22 12:44:58.445root 11241100x80000000000000004021261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5dce866c7a03ee2021-12-22 12:44:58.446root 11241100x80000000000000004021262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720e19ce70f8c982021-12-22 12:44:58.446root 11241100x80000000000000004021263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d62400e49fd56a82021-12-22 12:44:58.446root 11241100x80000000000000004021264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51294efe4280d02021-12-22 12:44:58.446root 11241100x80000000000000004021265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10616c5ea85e0ad52021-12-22 12:44:58.446root 11241100x80000000000000004021266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae69ba965801aeea2021-12-22 12:44:58.446root 11241100x80000000000000004021267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126693ddd987ebf02021-12-22 12:44:58.446root 11241100x80000000000000004021268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7431f37d59c1670f2021-12-22 12:44:58.446root 11241100x80000000000000004021269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b34602c25eaab322021-12-22 12:44:58.446root 11241100x80000000000000004021270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a532b2b250fea2021-12-22 12:44:58.446root 11241100x80000000000000004021271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782bc966c5856722021-12-22 12:44:58.447root 11241100x80000000000000004021272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638a9024af5113c22021-12-22 12:44:58.447root 11241100x80000000000000004021273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719fc0ccda0ab872021-12-22 12:44:58.447root 11241100x80000000000000004021274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96395eb35554e72021-12-22 12:44:58.447root 11241100x80000000000000004021275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1178693ae813b02d2021-12-22 12:44:58.447root 11241100x80000000000000004021276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb041ee3ac84fdb22021-12-22 12:44:58.447root 11241100x80000000000000004021277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb559582c3380882021-12-22 12:44:58.447root 11241100x80000000000000004021278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e5a83427d4b802021-12-22 12:44:58.447root 11241100x80000000000000004021279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e83de621ce9a3f72021-12-22 12:44:58.447root 11241100x80000000000000004021280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d2cfc0bee564a62021-12-22 12:44:58.447root 11241100x80000000000000004021281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec19fc748c7a24a2021-12-22 12:44:58.447root 11241100x80000000000000004021282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0bdc37be98bacd2021-12-22 12:44:58.448root 11241100x80000000000000004021283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a3fcf5088206bd2021-12-22 12:44:58.448root 11241100x80000000000000004021284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f56e68a28765d2021-12-22 12:44:58.448root 11241100x80000000000000004021285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4ca9baa82e36ce2021-12-22 12:44:58.448root 11241100x80000000000000004021286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d797432df0ef1742021-12-22 12:44:58.943root 11241100x80000000000000004021287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecc8a0f3caffb5e2021-12-22 12:44:58.943root 11241100x80000000000000004021288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98362205be9b0e1a2021-12-22 12:44:58.943root 11241100x80000000000000004021289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d81f6dbe5d72cdb2021-12-22 12:44:58.943root 11241100x80000000000000004021290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af0b4fbea51666d2021-12-22 12:44:58.943root 11241100x80000000000000004021291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bed17eb5784f5b2021-12-22 12:44:58.944root 11241100x80000000000000004021292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047e681eaa40a5722021-12-22 12:44:58.944root 11241100x80000000000000004021293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba7427882f93782021-12-22 12:44:58.944root 11241100x80000000000000004021294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a167494b3426642021-12-22 12:44:58.944root 11241100x80000000000000004021295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d852fa1e916c1c2021-12-22 12:44:58.944root 11241100x80000000000000004021296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e2cb85f1430b32021-12-22 12:44:58.944root 11241100x80000000000000004021297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dbd8d681d433902021-12-22 12:44:58.944root 11241100x80000000000000004021298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2234f58a35ae75c2021-12-22 12:44:58.944root 11241100x80000000000000004021299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9be6af3f3813e82021-12-22 12:44:58.944root 11241100x80000000000000004021300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d18f5061ef44442021-12-22 12:44:58.944root 11241100x80000000000000004021301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58335981561e4ea62021-12-22 12:44:58.944root 11241100x80000000000000004021302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4904fac00e23434d2021-12-22 12:44:58.944root 11241100x80000000000000004021303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce44fab374b7c3ce2021-12-22 12:44:58.944root 11241100x80000000000000004021304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93241fa04e54b9522021-12-22 12:44:58.944root 11241100x80000000000000004021305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c78c0144822d72021-12-22 12:44:58.944root 11241100x80000000000000004021306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eb63134eae1a952021-12-22 12:44:58.945root 11241100x80000000000000004021307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932bfca07ee48ce92021-12-22 12:44:58.945root 11241100x80000000000000004021308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1d4ac4a16327d92021-12-22 12:44:58.945root 11241100x80000000000000004021309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8276b29fed406062021-12-22 12:44:58.945root 11241100x80000000000000004021310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c518dfcc86e5bce62021-12-22 12:44:58.945root 11241100x80000000000000004021311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49751b259ddb422021-12-22 12:44:58.945root 11241100x80000000000000004021312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb74fce6f7f7cabd2021-12-22 12:44:58.945root 11241100x80000000000000004021313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f00b47ffa454b2021-12-22 12:44:58.945root 11241100x80000000000000004021314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0479e99386b089762021-12-22 12:44:58.945root 11241100x80000000000000004021315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e4b1bd25285ca2021-12-22 12:44:58.945root 11241100x80000000000000004021316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98df4bd552cc80bf2021-12-22 12:44:58.945root 11241100x80000000000000004021317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b45f09c0ad61c92021-12-22 12:44:58.945root 11241100x80000000000000004021318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af17fc0da77538b2021-12-22 12:44:58.945root 11241100x80000000000000004021319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b555c9cefddc5a2021-12-22 12:44:58.945root 11241100x80000000000000004021320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02302b75b622de2021-12-22 12:44:58.945root 11241100x80000000000000004021321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9494b5d85a3e62df2021-12-22 12:44:58.945root 11241100x80000000000000004021322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2068b9703b165b902021-12-22 12:44:58.946root 11241100x80000000000000004021323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7389eac87cf922021-12-22 12:44:58.946root 11241100x80000000000000004021324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1614f462652f622021-12-22 12:44:58.946root 11241100x80000000000000004021325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b194333387638e62021-12-22 12:44:58.946root 11241100x80000000000000004021326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238bf2aeaa64ac862021-12-22 12:44:58.946root 11241100x80000000000000004021327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7829258adf02d52021-12-22 12:44:58.946root 11241100x80000000000000004021328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d864be60a5ae1d92021-12-22 12:44:58.946root 11241100x80000000000000004021329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b7c9dad5c316b2021-12-22 12:44:58.946root 11241100x80000000000000004021330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69111eec205a1892021-12-22 12:44:58.946root 11241100x80000000000000004021331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4013da900e0ef1652021-12-22 12:44:59.443root 11241100x80000000000000004021332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853d92b934b3a0b2021-12-22 12:44:59.443root 11241100x80000000000000004021333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e10c961c901b8e2021-12-22 12:44:59.443root 11241100x80000000000000004021334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b49b53636dad52021-12-22 12:44:59.443root 11241100x80000000000000004021335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e99824d00ea5da2021-12-22 12:44:59.443root 11241100x80000000000000004021336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe1b6c2f7fb98a2021-12-22 12:44:59.443root 11241100x80000000000000004021337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ae98a768913ca2021-12-22 12:44:59.443root 11241100x80000000000000004021338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6ba5467a913d842021-12-22 12:44:59.444root 11241100x80000000000000004021339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fac98a67de01442021-12-22 12:44:59.444root 11241100x80000000000000004021340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bb231110214232021-12-22 12:44:59.444root 11241100x80000000000000004021341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d961cc15ba4ffd2021-12-22 12:44:59.444root 11241100x80000000000000004021342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48f5be3ac2ce5cb2021-12-22 12:44:59.444root 11241100x80000000000000004021343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0433cb6120818b2021-12-22 12:44:59.444root 11241100x80000000000000004021344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f28cadc0a6acb922021-12-22 12:44:59.445root 11241100x80000000000000004021345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb62fc8c1ce004a42021-12-22 12:44:59.445root 11241100x80000000000000004021346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d477fb53011d8b72021-12-22 12:44:59.445root 11241100x80000000000000004021347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f161410add2ec732021-12-22 12:44:59.445root 11241100x80000000000000004021348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8849cf86f631cb4a2021-12-22 12:44:59.446root 11241100x80000000000000004021349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f43d0c1e30b978b2021-12-22 12:44:59.446root 11241100x80000000000000004021350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d3b9a7a904dba72021-12-22 12:44:59.446root 11241100x80000000000000004021351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca66842078fe4e2021-12-22 12:44:59.446root 11241100x80000000000000004021352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3e0ee940e84162021-12-22 12:44:59.446root 11241100x80000000000000004021353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7847f8626c6bf62021-12-22 12:44:59.447root 11241100x80000000000000004021354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c3293ee2ee6fe2021-12-22 12:44:59.447root 11241100x80000000000000004021355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd417a975845c32021-12-22 12:44:59.447root 11241100x80000000000000004021356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f38cd2701640b712021-12-22 12:44:59.448root 11241100x80000000000000004021357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5102bf7516dcd68f2021-12-22 12:44:59.448root 11241100x80000000000000004021358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bca3304be75d02021-12-22 12:44:59.448root 11241100x80000000000000004021359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460a00d67a2f6ba2021-12-22 12:44:59.448root 11241100x80000000000000004021360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1554223793657f702021-12-22 12:44:59.448root 11241100x80000000000000004021361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19fc014cdeca1a42021-12-22 12:44:59.449root 11241100x80000000000000004021362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42baae88e15d56e92021-12-22 12:44:59.449root 11241100x80000000000000004021363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c909ca4ce610b2021-12-22 12:44:59.449root 11241100x80000000000000004021364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8008481b806777f2021-12-22 12:44:59.449root 11241100x80000000000000004021365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce14e8f150c4f1f2021-12-22 12:44:59.449root 11241100x80000000000000004021366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ed34a14f568c52021-12-22 12:44:59.449root 11241100x80000000000000004021367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf2d985982d78a42021-12-22 12:44:59.449root 11241100x80000000000000004021368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7627ca2809c0e52021-12-22 12:44:59.449root 11241100x80000000000000004021369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dd8fdbbe8d8c7a2021-12-22 12:44:59.450root 11241100x80000000000000004021370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601faaacf033a5d2021-12-22 12:44:59.450root 11241100x80000000000000004021371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab81d6343428a62021-12-22 12:44:59.450root 11241100x80000000000000004021372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba90aa09e4fe57be2021-12-22 12:44:59.450root 11241100x80000000000000004021373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43df8cd5781a62852021-12-22 12:44:59.450root 11241100x80000000000000004021374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e068adf91f246c2021-12-22 12:44:59.450root 11241100x80000000000000004021375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fc6a8a631ff9a72021-12-22 12:44:59.450root 11241100x80000000000000004021376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e884feb381b71962021-12-22 12:44:59.451root 11241100x80000000000000004021377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fbe3463c21d76c2021-12-22 12:44:59.451root 11241100x80000000000000004021378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa81ac07ee2be0762021-12-22 12:44:59.451root 11241100x80000000000000004021379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68336423c62cd772021-12-22 12:44:59.451root 11241100x80000000000000004021380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca4e0017921a362021-12-22 12:44:59.451root 11241100x80000000000000004021381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5200cbd28f03ed2021-12-22 12:44:59.451root 11241100x80000000000000004021382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae37cdf8d6294e2021-12-22 12:44:59.451root 11241100x80000000000000004021383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c86dcced57d1dc2021-12-22 12:44:59.451root 11241100x80000000000000004021384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b3508623ac30ce2021-12-22 12:44:59.451root 11241100x80000000000000004021385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbadc58be629b7c2021-12-22 12:44:59.452root 11241100x80000000000000004021386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f739691b77d4362021-12-22 12:44:59.943root 11241100x80000000000000004021387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65599ad1a6c87a162021-12-22 12:44:59.943root 11241100x80000000000000004021388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2972d03b1c5710e2021-12-22 12:44:59.943root 11241100x80000000000000004021389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c445d304308215152021-12-22 12:44:59.943root 11241100x80000000000000004021390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d10fbb7dd14c5c12021-12-22 12:44:59.944root 11241100x80000000000000004021391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698637b7666584562021-12-22 12:44:59.944root 11241100x80000000000000004021392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e255131b7b4ef9f2021-12-22 12:44:59.944root 11241100x80000000000000004021393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b21eb4634b36d2021-12-22 12:44:59.944root 11241100x80000000000000004021394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a64b432106daa412021-12-22 12:44:59.944root 11241100x80000000000000004021395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd49b3887221de2021-12-22 12:44:59.944root 11241100x80000000000000004021396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52aaa203da02ba2021-12-22 12:44:59.944root 11241100x80000000000000004021397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02d4e0ac2b84a532021-12-22 12:44:59.944root 11241100x80000000000000004021398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd9fbb5dda39c82021-12-22 12:44:59.944root 11241100x80000000000000004021399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bf904f6beb3b7d2021-12-22 12:44:59.944root 11241100x80000000000000004021400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dfff1b3840ec302021-12-22 12:44:59.944root 11241100x80000000000000004021401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba375d6660719f2021-12-22 12:44:59.944root 11241100x80000000000000004021402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8e5177470454f92021-12-22 12:44:59.944root 11241100x80000000000000004021403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf86f9edff572e62021-12-22 12:44:59.945root 11241100x80000000000000004021404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6765e3ff57a0d8fd2021-12-22 12:44:59.945root 11241100x80000000000000004021405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cd1f38bdaf3622021-12-22 12:44:59.945root 11241100x80000000000000004021406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca286760de329562021-12-22 12:44:59.945root 11241100x80000000000000004021407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c361ccf2e411f92021-12-22 12:44:59.945root 11241100x80000000000000004021408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9878c2b1f2488aec2021-12-22 12:44:59.945root 11241100x80000000000000004021409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c59dee0734e732021-12-22 12:44:59.945root 11241100x80000000000000004021410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045efc498c650e32021-12-22 12:44:59.945root 11241100x80000000000000004021411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a50450600cc87f2021-12-22 12:44:59.945root 11241100x80000000000000004021412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ec0f5f89ff05f82021-12-22 12:44:59.946root 11241100x80000000000000004021413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807b279161ea7b242021-12-22 12:44:59.946root 11241100x80000000000000004021414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2680487107e682021-12-22 12:44:59.946root 11241100x80000000000000004021415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9979d019937f042021-12-22 12:44:59.946root 11241100x80000000000000004021416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194424d356b56132021-12-22 12:44:59.946root 11241100x80000000000000004021417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618e115308871a012021-12-22 12:44:59.946root 11241100x80000000000000004021418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373ae102a286c65a2021-12-22 12:44:59.946root 11241100x80000000000000004021419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255b793c6272c3d2021-12-22 12:44:59.946root 11241100x80000000000000004021420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c9120451f1522f2021-12-22 12:44:59.947root 11241100x80000000000000004021421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed32f4079e15592021-12-22 12:44:59.947root 11241100x80000000000000004021422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08efb8cf9c3be04d2021-12-22 12:44:59.947root 11241100x80000000000000004021423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c600bf80d7b6248f2021-12-22 12:44:59.947root 11241100x80000000000000004021424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3211be82302a722021-12-22 12:44:59.947root 11241100x80000000000000004021425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f9ecaa09695012021-12-22 12:44:59.947root 11241100x80000000000000004021426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a41195042540c32021-12-22 12:44:59.947root 11241100x80000000000000004021427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf07f4c506f5a2f2021-12-22 12:44:59.948root 11241100x80000000000000004021428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01ac7330c8a5d302021-12-22 12:44:59.948root 11241100x80000000000000004021429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38ec275be48b0c72021-12-22 12:44:59.948root 11241100x80000000000000004021430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfc3c8b6e112c12021-12-22 12:44:59.948root 11241100x80000000000000004021431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5806dca2330424ee2021-12-22 12:44:59.948root 11241100x80000000000000004021432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fedfebd8c4a8592021-12-22 12:44:59.948root 11241100x80000000000000004021433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669acf46291edef2021-12-22 12:44:59.948root 11241100x80000000000000004021434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7750e7fb77b920b2021-12-22 12:44:59.948root 11241100x80000000000000004021435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01893d4118656bc2021-12-22 12:44:59.948root 11241100x80000000000000004021436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2e53e537e190dc2021-12-22 12:44:59.948root 11241100x80000000000000004021437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d57a1e2cac9df02021-12-22 12:44:59.949root 11241100x80000000000000004021438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f15f686de492dcc2021-12-22 12:44:59.949root 11241100x80000000000000004021439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88914fc2a4b5d1d2021-12-22 12:44:59.949root 11241100x80000000000000004021440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7bcc3d15e608f92021-12-22 12:44:59.949root 11241100x80000000000000004021441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208227fdc06bf3be2021-12-22 12:44:59.949root 11241100x80000000000000004021442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f612c72cbe3245ac2021-12-22 12:44:59.949root 11241100x80000000000000004021443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693dea559254118c2021-12-22 12:44:59.949root 11241100x80000000000000004021444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab9ce4ddb96f04e2021-12-22 12:44:59.949root 11241100x80000000000000004021445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73fd93bc88b33c2021-12-22 12:44:59.949root 11241100x80000000000000004021446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdaa145c9f10bf22021-12-22 12:44:59.949root 11241100x80000000000000004021447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a35f788e52cb8e2021-12-22 12:45:00.443root 11241100x80000000000000004021448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f6c75509a8a13a2021-12-22 12:45:00.443root 11241100x80000000000000004021449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7b1068c90dac172021-12-22 12:45:00.443root 11241100x80000000000000004021450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906ca89c1a78c5e52021-12-22 12:45:00.444root 11241100x80000000000000004021451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656ff305184692c62021-12-22 12:45:00.444root 11241100x80000000000000004021452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01f5571f99541b72021-12-22 12:45:00.444root 11241100x80000000000000004021453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50c34ceda44491c2021-12-22 12:45:00.444root 11241100x80000000000000004021454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6256d4c77171703d2021-12-22 12:45:00.444root 11241100x80000000000000004021455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4bbd122701bfd2021-12-22 12:45:00.444root 11241100x80000000000000004021456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de9c376c8bb7202021-12-22 12:45:00.444root 11241100x80000000000000004021457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6315686e43c0c92021-12-22 12:45:00.444root 11241100x80000000000000004021458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48286ad2ef137c702021-12-22 12:45:00.445root 11241100x80000000000000004021459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dca9a09edb99a0a2021-12-22 12:45:00.445root 11241100x80000000000000004021460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b297c5298a37c2021-12-22 12:45:00.445root 11241100x80000000000000004021461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecacfe8bfd3af1b12021-12-22 12:45:00.445root 11241100x80000000000000004021462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82840445401fd71b2021-12-22 12:45:00.445root 11241100x80000000000000004021463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3dda1bf85e9e3f2021-12-22 12:45:00.445root 11241100x80000000000000004021464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9000b80b0dcd856f2021-12-22 12:45:00.445root 11241100x80000000000000004021465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eb527f94bf53f02021-12-22 12:45:00.445root 11241100x80000000000000004021466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7739ddb1b1449162021-12-22 12:45:00.446root 11241100x80000000000000004021467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a95ac47715dde2021-12-22 12:45:00.446root 11241100x80000000000000004021468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f8684b0ec332412021-12-22 12:45:00.446root 11241100x80000000000000004021469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a87f1dcea9690f2021-12-22 12:45:00.446root 11241100x80000000000000004021470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938f6b6e66ca83582021-12-22 12:45:00.446root 11241100x80000000000000004021471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb9cd72551ed2d32021-12-22 12:45:00.446root 11241100x80000000000000004021472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244748c8ea7c5c692021-12-22 12:45:00.446root 11241100x80000000000000004021473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02010a05cf866c262021-12-22 12:45:00.447root 11241100x80000000000000004021474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd581560bae8042021-12-22 12:45:00.447root 11241100x80000000000000004021475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2b02aec5d3aaf2021-12-22 12:45:00.447root 11241100x80000000000000004021476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad937d568c5dce2021-12-22 12:45:00.447root 11241100x80000000000000004021477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba3658a3a693f692021-12-22 12:45:00.447root 11241100x80000000000000004021478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8bf2b64b1b57b92021-12-22 12:45:00.447root 11241100x80000000000000004021479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c961fc0c70f1ee12021-12-22 12:45:00.447root 11241100x80000000000000004021480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544d562adab2a6812021-12-22 12:45:00.447root 11241100x80000000000000004021481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9257d890d4db02021-12-22 12:45:00.447root 11241100x80000000000000004021482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c10de58a5a72d02021-12-22 12:45:00.448root 11241100x80000000000000004021483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634236f2a390ca52021-12-22 12:45:00.448root 11241100x80000000000000004021484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e05171f4b557a32021-12-22 12:45:00.448root 11241100x80000000000000004021485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4a376c2d201752021-12-22 12:45:00.449root 11241100x80000000000000004021486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d33833558bce872021-12-22 12:45:00.449root 11241100x80000000000000004021487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d61ec7520a047392021-12-22 12:45:00.449root 11241100x80000000000000004021488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925cd9c495106e112021-12-22 12:45:00.449root 11241100x80000000000000004021489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a358cea805a2ea2021-12-22 12:45:00.449root 11241100x80000000000000004021490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9144748eb87007c92021-12-22 12:45:00.449root 11241100x80000000000000004021491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f195a4e9ca0992021-12-22 12:45:00.449root 11241100x80000000000000004021492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bb4f76b298600a2021-12-22 12:45:00.449root 11241100x80000000000000004021493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351863995a1289c2021-12-22 12:45:00.943root 11241100x80000000000000004021494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88ef3f4b27299fd2021-12-22 12:45:00.943root 11241100x80000000000000004021495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b3545d3bc289c2021-12-22 12:45:00.943root 11241100x80000000000000004021496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16e3b68765f7422021-12-22 12:45:00.944root 11241100x80000000000000004021497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1867e9ae480677f42021-12-22 12:45:00.944root 11241100x80000000000000004021498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be43da9bbbe5e102021-12-22 12:45:00.944root 11241100x80000000000000004021499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791910496eab9edd2021-12-22 12:45:00.944root 11241100x80000000000000004021500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b82fd8fef47b712021-12-22 12:45:00.944root 11241100x80000000000000004021501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be02f8d6d203eb2021-12-22 12:45:00.944root 11241100x80000000000000004021502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33825f59d27ce67f2021-12-22 12:45:00.944root 11241100x80000000000000004021503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea020bb089611352021-12-22 12:45:00.944root 11241100x80000000000000004021504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b50ae83dd7e50152021-12-22 12:45:00.944root 11241100x80000000000000004021505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2597b962904eb2021-12-22 12:45:00.944root 11241100x80000000000000004021506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034eafd3b53c8002021-12-22 12:45:00.944root 11241100x80000000000000004021507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c68ca90564840432021-12-22 12:45:00.945root 11241100x80000000000000004021508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2643bd1d5c1feee82021-12-22 12:45:00.945root 11241100x80000000000000004021509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e87c4fea01898f2021-12-22 12:45:00.945root 11241100x80000000000000004021510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707201b2a9ec456c2021-12-22 12:45:00.945root 11241100x80000000000000004021511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2d29225cb324b2021-12-22 12:45:00.945root 11241100x80000000000000004021512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de231925241801bb2021-12-22 12:45:00.945root 11241100x80000000000000004021513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c88e5cfbacdf622021-12-22 12:45:00.945root 11241100x80000000000000004021514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33823ff5c2b120d2021-12-22 12:45:00.945root 11241100x80000000000000004021515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe28bad7dc1d33d2021-12-22 12:45:00.946root 11241100x80000000000000004021516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5fa596b145b1692021-12-22 12:45:00.946root 11241100x80000000000000004021517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f207bbf690defaf2021-12-22 12:45:00.946root 11241100x80000000000000004021518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5fb7dd3fa410f2021-12-22 12:45:00.946root 11241100x80000000000000004021519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74c72e9dee615772021-12-22 12:45:00.946root 11241100x80000000000000004021520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640d132fd98031a2021-12-22 12:45:00.946root 11241100x80000000000000004021521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c965eeb8cc1fd4be2021-12-22 12:45:00.946root 11241100x80000000000000004021522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438f47d1d480b0f2021-12-22 12:45:00.946root 11241100x80000000000000004021523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445b3559059ad9632021-12-22 12:45:00.946root 11241100x80000000000000004021524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7113816fc463df2021-12-22 12:45:00.947root 11241100x80000000000000004021525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c327fcabfa51d9a82021-12-22 12:45:00.947root 11241100x80000000000000004021526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b4b9c18cce07692021-12-22 12:45:00.947root 11241100x80000000000000004021527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69834f42bb0ce262021-12-22 12:45:00.947root 11241100x80000000000000004021528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e49065e218e752021-12-22 12:45:00.947root 11241100x80000000000000004021529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946b79f728a7cb82021-12-22 12:45:00.947root 11241100x80000000000000004021530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f98b9656fd85f4b2021-12-22 12:45:00.947root 11241100x80000000000000004021531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f759e90580b91df32021-12-22 12:45:00.947root 11241100x80000000000000004021532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7804f9130e484e2b2021-12-22 12:45:00.948root 11241100x80000000000000004021533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb19276d0fae9f2021-12-22 12:45:00.948root 11241100x80000000000000004021534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df83136dd3312ed12021-12-22 12:45:00.948root 11241100x80000000000000004021535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb445ad689122e62021-12-22 12:45:00.948root 11241100x80000000000000004021536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c32d47ccbb9762021-12-22 12:45:00.948root 11241100x80000000000000004021537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa600e5f362aa8692021-12-22 12:45:00.948root 11241100x80000000000000004021538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69005b4bfa5789cb2021-12-22 12:45:00.948root 11241100x80000000000000004021539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d13a0fd38ff7192021-12-22 12:45:00.948root 11241100x80000000000000004021540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92b95abf9344fcb2021-12-22 12:45:00.948root 11241100x80000000000000004021541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d6dfc5049a5ec62021-12-22 12:45:00.948root 354300x80000000000000004021542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.063{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56852-false10.0.1.12-8000- 11241100x80000000000000004021543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b92e5a4e8efc4f2021-12-22 12:45:01.443root 11241100x80000000000000004021544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c9a26fb72ea2c32021-12-22 12:45:01.443root 11241100x80000000000000004021545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d29dba0e531ebac2021-12-22 12:45:01.443root 11241100x80000000000000004021546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3138e4a6a2a1f1312021-12-22 12:45:01.444root 11241100x80000000000000004021547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2a35ff5debeac62021-12-22 12:45:01.444root 11241100x80000000000000004021548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b2d1b5c8b7a4102021-12-22 12:45:01.444root 11241100x80000000000000004021549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59325e4d7cff652021-12-22 12:45:01.444root 11241100x80000000000000004021550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a373826b0329eaa2021-12-22 12:45:01.444root 11241100x80000000000000004021551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b8e24e9f5a24c2021-12-22 12:45:01.444root 11241100x80000000000000004021552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f312ba312c8669432021-12-22 12:45:01.444root 11241100x80000000000000004021553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d699562d8fda7d2021-12-22 12:45:01.444root 11241100x80000000000000004021554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ffc0a4792d95502021-12-22 12:45:01.445root 11241100x80000000000000004021555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e06476fb145b72021-12-22 12:45:01.445root 11241100x80000000000000004021556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f22245a54dece72021-12-22 12:45:01.445root 11241100x80000000000000004021557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52699da1428955592021-12-22 12:45:01.445root 11241100x80000000000000004021558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654acfc84f5f3dfa2021-12-22 12:45:01.446root 11241100x80000000000000004021559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5c6a20e78657072021-12-22 12:45:01.446root 11241100x80000000000000004021560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b12bab875b277b2021-12-22 12:45:01.446root 11241100x80000000000000004021561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60d993238080d62021-12-22 12:45:01.446root 11241100x80000000000000004021562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b3fb9c6eb55d22021-12-22 12:45:01.446root 11241100x80000000000000004021563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ba163744763892021-12-22 12:45:01.446root 11241100x80000000000000004021564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0063c0e658b1e0f2021-12-22 12:45:01.447root 11241100x80000000000000004021565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1065fd77b9355e972021-12-22 12:45:01.447root 11241100x80000000000000004021566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097ecae432b569d2021-12-22 12:45:01.447root 11241100x80000000000000004021567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3b47e3b2ef67492021-12-22 12:45:01.447root 11241100x80000000000000004021568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf080edeaa85e082021-12-22 12:45:01.447root 11241100x80000000000000004021569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61cec550648b7d92021-12-22 12:45:01.447root 11241100x80000000000000004021570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1185e7f8d9470e2021-12-22 12:45:01.447root 11241100x80000000000000004021571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a55481b914a8f2021-12-22 12:45:01.447root 11241100x80000000000000004021572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990bcb8dd0ae84342021-12-22 12:45:01.447root 11241100x80000000000000004021573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c528f81f6a4dc22021-12-22 12:45:01.447root 11241100x80000000000000004021574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d36cbff461ae9fd2021-12-22 12:45:01.447root 11241100x80000000000000004021575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aad206f7b93d572021-12-22 12:45:01.448root 11241100x80000000000000004021576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91f7bb6c7924d952021-12-22 12:45:01.448root 11241100x80000000000000004021577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9292286094f0412021-12-22 12:45:01.449root 11241100x80000000000000004021578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174ca6f65de99b12021-12-22 12:45:01.449root 11241100x80000000000000004021579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd60b174a2c8b5d02021-12-22 12:45:01.449root 11241100x80000000000000004021580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d231ff220465132021-12-22 12:45:01.449root 11241100x80000000000000004021581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb50669f5ff1442021-12-22 12:45:01.449root 11241100x80000000000000004021582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31acd9e527885fc12021-12-22 12:45:01.449root 11241100x80000000000000004021583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9f5b904a36778a2021-12-22 12:45:01.449root 11241100x80000000000000004021584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3694d9d1ebd9c2d2021-12-22 12:45:01.449root 11241100x80000000000000004021585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973d70d516e9d7732021-12-22 12:45:01.450root 11241100x80000000000000004021586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4affd318b84300192021-12-22 12:45:01.450root 11241100x80000000000000004021587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df60bf80b75a1db92021-12-22 12:45:01.450root 11241100x80000000000000004021588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789592ae2a607f0a2021-12-22 12:45:01.451root 11241100x80000000000000004021589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42add33f598e1f7b2021-12-22 12:45:01.451root 11241100x80000000000000004021590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d81bf74e3e77672021-12-22 12:45:01.451root 11241100x80000000000000004021591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4a5fc2524a6302021-12-22 12:45:01.451root 11241100x80000000000000004021592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712c8d3b5d464c472021-12-22 12:45:01.452root 11241100x80000000000000004021593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e41074cd00b70532021-12-22 12:45:01.452root 11241100x80000000000000004021594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea7cff74ce26562021-12-22 12:45:01.452root 11241100x80000000000000004021595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd81d6e5b9c2d7c2021-12-22 12:45:01.453root 11241100x80000000000000004021596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9606d2b6b0c6f7c72021-12-22 12:45:01.462root 11241100x80000000000000004021597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a9b35098cb742f2021-12-22 12:45:01.463root 11241100x80000000000000004021598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61676e19970cbf242021-12-22 12:45:01.463root 11241100x80000000000000004021599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b986206ca21911e62021-12-22 12:45:01.943root 11241100x80000000000000004021600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5878d2a7e56bf712021-12-22 12:45:01.943root 11241100x80000000000000004021601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9c0f5737a4474c2021-12-22 12:45:01.943root 11241100x80000000000000004021602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89951da351ef383d2021-12-22 12:45:01.943root 11241100x80000000000000004021603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71105df7161e48842021-12-22 12:45:01.943root 11241100x80000000000000004021604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beb1b736427bb5e2021-12-22 12:45:01.943root 11241100x80000000000000004021605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142dfcc068def2b62021-12-22 12:45:01.944root 11241100x80000000000000004021606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c75b1b9621c6f02021-12-22 12:45:01.944root 11241100x80000000000000004021607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dbf1dbb1ed61102021-12-22 12:45:01.944root 11241100x80000000000000004021608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10673ef75294cc22021-12-22 12:45:01.944root 11241100x80000000000000004021609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171a2cf19a4bc452021-12-22 12:45:01.944root 11241100x80000000000000004021610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb3e20b8774a1e2021-12-22 12:45:01.944root 11241100x80000000000000004021611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73283d6e29d86872021-12-22 12:45:01.944root 11241100x80000000000000004021612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc097a88740c6532021-12-22 12:45:01.944root 11241100x80000000000000004021613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba36b96281f89f42021-12-22 12:45:01.944root 11241100x80000000000000004021614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6d31ba631c3ac92021-12-22 12:45:01.944root 11241100x80000000000000004021615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d794e6f0251d46212021-12-22 12:45:01.944root 11241100x80000000000000004021616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f6b4c5722a2862021-12-22 12:45:01.945root 11241100x80000000000000004021617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c1621c755a40d22021-12-22 12:45:01.945root 11241100x80000000000000004021618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289e42ba152f07c32021-12-22 12:45:01.945root 11241100x80000000000000004021619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2930e24780e97d782021-12-22 12:45:01.945root 11241100x80000000000000004021620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b31bb95b053fc22021-12-22 12:45:01.945root 11241100x80000000000000004021621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85e9bf24fcea0e22021-12-22 12:45:01.945root 11241100x80000000000000004021622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f88e1b7b1695972021-12-22 12:45:01.945root 11241100x80000000000000004021623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf606315e51b8a902021-12-22 12:45:01.945root 11241100x80000000000000004021624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de244a0028f1a52021-12-22 12:45:01.945root 11241100x80000000000000004021625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89b9d378cfb144e2021-12-22 12:45:01.945root 11241100x80000000000000004021626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6068001a302935ea2021-12-22 12:45:01.945root 11241100x80000000000000004021627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83bd37cf2313952021-12-22 12:45:01.946root 11241100x80000000000000004021628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5825dbd17690b5502021-12-22 12:45:01.946root 11241100x80000000000000004021629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e9ed8a13722a6d2021-12-22 12:45:01.946root 11241100x80000000000000004021630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6bf8472dde4502021-12-22 12:45:01.946root 11241100x80000000000000004021631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5b138471404992021-12-22 12:45:01.946root 11241100x80000000000000004021632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f954522b22c51b82021-12-22 12:45:01.946root 11241100x80000000000000004021633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9a3982299f4f1e2021-12-22 12:45:01.946root 11241100x80000000000000004021634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214cfbc66b8b28552021-12-22 12:45:01.946root 11241100x80000000000000004021635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bee7af8c861b0b82021-12-22 12:45:01.946root 11241100x80000000000000004021636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43d2a0f47a9bb982021-12-22 12:45:01.946root 11241100x80000000000000004021637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c162420488018a232021-12-22 12:45:01.946root 11241100x80000000000000004021638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76e2abf68c9e732021-12-22 12:45:01.947root 11241100x80000000000000004021639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759a91de2be9b142021-12-22 12:45:01.947root 11241100x80000000000000004021640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fcecc1a04fd7532021-12-22 12:45:01.947root 11241100x80000000000000004021641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5327dc44ee70f92021-12-22 12:45:01.947root 11241100x80000000000000004021642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a84fb79d71cca82021-12-22 12:45:01.947root 11241100x80000000000000004021643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb95548541780f2021-12-22 12:45:01.947root 11241100x80000000000000004021644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09de9cb4f5fe56952021-12-22 12:45:01.947root 11241100x80000000000000004021645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a3ea9276779542021-12-22 12:45:01.947root 11241100x80000000000000004021646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f73cd9a1abdf0752021-12-22 12:45:01.947root 11241100x80000000000000004021647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5547cf9c1acf3d112021-12-22 12:45:01.947root 11241100x80000000000000004021648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41dfb06c1242722021-12-22 12:45:01.948root 11241100x80000000000000004021649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65937e84281ff6d2021-12-22 12:45:01.948root 11241100x80000000000000004021650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123a20532508e692021-12-22 12:45:01.948root 11241100x80000000000000004021651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bf789b34750d22021-12-22 12:45:01.948root 11241100x80000000000000004021652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a143f9ee80d7b0f2021-12-22 12:45:01.948root 11241100x80000000000000004021653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b9c1dadc0f9e532021-12-22 12:45:01.948root 11241100x80000000000000004021654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1b6b61be44ee742021-12-22 12:45:01.948root 11241100x80000000000000004021655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc98397953876602021-12-22 12:45:01.948root 11241100x80000000000000004021656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1ce2ceaca1738c2021-12-22 12:45:01.948root 11241100x80000000000000004021657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846cae892466fc492021-12-22 12:45:01.948root 11241100x80000000000000004021658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed900a373d2870a2021-12-22 12:45:01.948root 11241100x80000000000000004021659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cf464b7c97ff512021-12-22 12:45:01.949root 11241100x80000000000000004021660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2fc265bfcc48cf2021-12-22 12:45:01.949root 11241100x80000000000000004021661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cefad1cb8191112021-12-22 12:45:01.949root 11241100x80000000000000004021662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28469375dde350ed2021-12-22 12:45:01.949root 11241100x80000000000000004021663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b1fcc0058d5b6c2021-12-22 12:45:01.949root 11241100x80000000000000004021664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71f1a1898119e962021-12-22 12:45:01.949root 11241100x80000000000000004021665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80e9915d67f7f7b2021-12-22 12:45:01.951root 11241100x80000000000000004021666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d6f0813414a552021-12-22 12:45:01.951root 11241100x80000000000000004021667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906324ea853ae4112021-12-22 12:45:01.952root 11241100x80000000000000004021668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db899af0f47761332021-12-22 12:45:01.952root 11241100x80000000000000004021669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9558e8854ee4c0762021-12-22 12:45:01.952root 11241100x80000000000000004021670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2200fd1ab7b8a92021-12-22 12:45:01.952root 11241100x80000000000000004021671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c037a3f886b0892021-12-22 12:45:01.953root 11241100x80000000000000004021672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0301f42859eceee32021-12-22 12:45:01.953root 11241100x80000000000000004021673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e336ad42bcea72021-12-22 12:45:01.954root 11241100x80000000000000004021674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8188e158e308b6982021-12-22 12:45:01.954root 11241100x80000000000000004021675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08793ef834e46012021-12-22 12:45:01.954root 11241100x80000000000000004021676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d56550e455b8602021-12-22 12:45:01.954root 11241100x80000000000000004021677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33413a44f077302a2021-12-22 12:45:01.954root 11241100x80000000000000004021678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed357a497dc19c2021-12-22 12:45:01.954root 11241100x80000000000000004021679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1796a5f8215476982021-12-22 12:45:01.954root 11241100x80000000000000004021680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139fc1453ad8de732021-12-22 12:45:01.954root 11241100x80000000000000004021681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5085ef418adce372021-12-22 12:45:01.954root 11241100x80000000000000004021682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f746683e2fea32021-12-22 12:45:01.955root 11241100x80000000000000004021683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1064b0f4ac15654a2021-12-22 12:45:01.955root 11241100x80000000000000004021684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeedfe89008d3bf2021-12-22 12:45:01.955root 11241100x80000000000000004021685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9725c83c442b05012021-12-22 12:45:01.955root 11241100x80000000000000004021686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a149b462500fc12021-12-22 12:45:01.956root 11241100x80000000000000004021687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c38abd83eaaee2021-12-22 12:45:01.956root 11241100x80000000000000004021688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f8d0aa62f37ae2021-12-22 12:45:01.956root 11241100x80000000000000004021689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2443aacaae7e1622021-12-22 12:45:01.956root 11241100x80000000000000004021690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b483aaf69aa84f2021-12-22 12:45:01.956root 11241100x80000000000000004021691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374d805d0442e322021-12-22 12:45:01.957root 11241100x80000000000000004021692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d73aadb77fcafd62021-12-22 12:45:01.957root 11241100x80000000000000004021693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060c9dd153fabb252021-12-22 12:45:02.443root 11241100x80000000000000004021694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c81c7d681e2142021-12-22 12:45:02.443root 11241100x80000000000000004021695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da9ec3be02302df2021-12-22 12:45:02.443root 11241100x80000000000000004021696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0339e59052b9882021-12-22 12:45:02.443root 11241100x80000000000000004021697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2012558a251989fb2021-12-22 12:45:02.444root 11241100x80000000000000004021698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35166e32320c45d62021-12-22 12:45:02.444root 11241100x80000000000000004021699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa58c85d8739cc2021-12-22 12:45:02.444root 11241100x80000000000000004021700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034ea720a39287c22021-12-22 12:45:02.444root 11241100x80000000000000004021701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62450fe80f7627b92021-12-22 12:45:02.444root 11241100x80000000000000004021702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f917524dc98d2e2021-12-22 12:45:02.444root 11241100x80000000000000004021703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007fb1929d233d62021-12-22 12:45:02.444root 11241100x80000000000000004021704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0244342d282142021-12-22 12:45:02.444root 11241100x80000000000000004021705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a0768e0956c422021-12-22 12:45:02.444root 11241100x80000000000000004021706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70a8410f3737602021-12-22 12:45:02.444root 11241100x80000000000000004021707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23cfb23d4f9ed672021-12-22 12:45:02.444root 11241100x80000000000000004021708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed896e7d91a05de62021-12-22 12:45:02.444root 11241100x80000000000000004021709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3740c8ae0dd22021-12-22 12:45:02.444root 11241100x80000000000000004021710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b339928beeca8c9b2021-12-22 12:45:02.444root 11241100x80000000000000004021711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3966a37d113612021-12-22 12:45:02.444root 11241100x80000000000000004021712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c3681182a35652021-12-22 12:45:02.444root 11241100x80000000000000004021713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266c699d8f46c062021-12-22 12:45:02.445root 11241100x80000000000000004021714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811bea2eb560cb242021-12-22 12:45:02.445root 11241100x80000000000000004021715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1732ccfe6c0deeae2021-12-22 12:45:02.445root 11241100x80000000000000004021716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e99f7671b0fd72021-12-22 12:45:02.445root 11241100x80000000000000004021717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa48754c77bff42021-12-22 12:45:02.445root 11241100x80000000000000004021718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fd8ced5b7360082021-12-22 12:45:02.445root 11241100x80000000000000004021719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870d9fe73a4630712021-12-22 12:45:02.446root 11241100x80000000000000004021720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423ee8230a849922021-12-22 12:45:02.446root 11241100x80000000000000004021721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce1cda4f0f584c2021-12-22 12:45:02.446root 11241100x80000000000000004021722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f607d0bfeb01d2021-12-22 12:45:02.446root 11241100x80000000000000004021723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5954e5dfff929d2021-12-22 12:45:02.446root 11241100x80000000000000004021724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69947673aef9b2f2021-12-22 12:45:02.446root 11241100x80000000000000004021725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520e03b2e06825132021-12-22 12:45:02.446root 11241100x80000000000000004021726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06735bd450341452021-12-22 12:45:02.446root 11241100x80000000000000004021727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e93ac3869906cde2021-12-22 12:45:02.446root 11241100x80000000000000004021728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e065fcd3eac06512021-12-22 12:45:02.446root 11241100x80000000000000004021729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69149145ddd966d2021-12-22 12:45:02.446root 11241100x80000000000000004021730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc58b76a8f711dd2021-12-22 12:45:02.446root 11241100x80000000000000004021731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f83bed009ba1772021-12-22 12:45:02.446root 11241100x80000000000000004021732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54492c7bd8433f802021-12-22 12:45:02.446root 11241100x80000000000000004021733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4156faf4108389b2021-12-22 12:45:02.447root 11241100x80000000000000004021734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8989058e975a4af2021-12-22 12:45:02.447root 11241100x80000000000000004021735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9553b22dd0f6ee72021-12-22 12:45:02.447root 11241100x80000000000000004021736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a666a75150c6052021-12-22 12:45:02.447root 11241100x80000000000000004021737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af439b99308d62912021-12-22 12:45:02.447root 11241100x80000000000000004021738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9911e903b1dbd2e2021-12-22 12:45:02.447root 11241100x80000000000000004021739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3d6d50bf0d2322021-12-22 12:45:02.447root 11241100x80000000000000004021740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f835de630c8287b2021-12-22 12:45:02.447root 11241100x80000000000000004021741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed2c4b73326ac02021-12-22 12:45:02.447root 11241100x80000000000000004021742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb16aab1f66fb14b2021-12-22 12:45:02.447root 11241100x80000000000000004021743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70617a8b4714a3312021-12-22 12:45:02.447root 11241100x80000000000000004021744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091833b805daa362021-12-22 12:45:02.448root 11241100x80000000000000004021745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b945f4d1b512c2021-12-22 12:45:02.448root 11241100x80000000000000004021746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d68ee9b3e11a12021-12-22 12:45:02.448root 11241100x80000000000000004021747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafe2167a2d86a042021-12-22 12:45:02.448root 11241100x80000000000000004021748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb1c41de7e526722021-12-22 12:45:02.448root 11241100x80000000000000004021749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eff786a758fd7c72021-12-22 12:45:02.448root 11241100x80000000000000004021750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbf51a33999d95f2021-12-22 12:45:02.448root 11241100x80000000000000004021751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c4cbdf102e42ad2021-12-22 12:45:02.448root 11241100x80000000000000004021752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f7e06e1699d9ad2021-12-22 12:45:02.448root 11241100x80000000000000004021753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea40f63aaeff9b82021-12-22 12:45:02.448root 11241100x80000000000000004021754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc94833b6e7b08ec2021-12-22 12:45:02.448root 11241100x80000000000000004021755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff53c0af802137ff2021-12-22 12:45:02.449root 11241100x80000000000000004021756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328b7d2ca7d8021a2021-12-22 12:45:02.449root 11241100x80000000000000004021757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6582e4a4dbf238202021-12-22 12:45:02.449root 11241100x80000000000000004021758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6027e35a66bc25b2021-12-22 12:45:02.449root 11241100x80000000000000004021759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b17a3831b0c21d32021-12-22 12:45:02.449root 11241100x80000000000000004021760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db3d9b60588a3c2021-12-22 12:45:02.449root 11241100x80000000000000004021761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bec7e9507e3a492021-12-22 12:45:02.449root 11241100x80000000000000004021762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d47dcab00b2b242021-12-22 12:45:02.449root 11241100x80000000000000004021763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c449c7d69fba45a2021-12-22 12:45:02.449root 11241100x80000000000000004021764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60715444c24251772021-12-22 12:45:02.449root 11241100x80000000000000004021765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760632333253e802021-12-22 12:45:02.449root 11241100x80000000000000004021766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219aa0685e5aca92021-12-22 12:45:02.450root 11241100x80000000000000004021767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3619b65e35615152021-12-22 12:45:02.450root 11241100x80000000000000004021768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba764bcf887c302021-12-22 12:45:02.450root 11241100x80000000000000004021769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f81d6fea11f9212021-12-22 12:45:02.450root 11241100x80000000000000004021770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2db2e30b86e8ee2021-12-22 12:45:02.450root 11241100x80000000000000004021771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cdcc419b7142fa2021-12-22 12:45:02.450root 11241100x80000000000000004021772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381dfd436cc7c9632021-12-22 12:45:02.450root 11241100x80000000000000004021773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf9170827038c932021-12-22 12:45:02.450root 11241100x80000000000000004021774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f278afddb57f82021-12-22 12:45:02.450root 11241100x80000000000000004021775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ca1e0b03ec899b2021-12-22 12:45:02.450root 11241100x80000000000000004021776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cb61539ba3c8092021-12-22 12:45:02.450root 11241100x80000000000000004021777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5daff589855cf2021-12-22 12:45:02.450root 11241100x80000000000000004021778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4405afc0c03e7402021-12-22 12:45:02.943root 11241100x80000000000000004021779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13cd69579975202021-12-22 12:45:02.944root 11241100x80000000000000004021780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4230b9f9a487e2021-12-22 12:45:02.944root 11241100x80000000000000004021781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ff1b2511e34362021-12-22 12:45:02.944root 11241100x80000000000000004021782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c98c43c5f36982021-12-22 12:45:02.944root 11241100x80000000000000004021783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93aedbce48584442021-12-22 12:45:02.944root 11241100x80000000000000004021784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471e7f85712710c2021-12-22 12:45:02.945root 11241100x80000000000000004021785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fe4154dd207142021-12-22 12:45:02.945root 11241100x80000000000000004021786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a968d806ef6acc2021-12-22 12:45:02.945root 11241100x80000000000000004021787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601fc9e046c06d582021-12-22 12:45:02.945root 11241100x80000000000000004021788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9596170db2f8b72021-12-22 12:45:02.946root 11241100x80000000000000004021789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401235097147dcb12021-12-22 12:45:02.946root 11241100x80000000000000004021790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517d7057fd4efd22021-12-22 12:45:02.946root 11241100x80000000000000004021791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4656900d0eac66e2021-12-22 12:45:02.946root 11241100x80000000000000004021792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ce6753f5398ae2021-12-22 12:45:02.946root 11241100x80000000000000004021793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bc45f361e3251c2021-12-22 12:45:02.947root 11241100x80000000000000004021794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af58a671818da802021-12-22 12:45:02.947root 11241100x80000000000000004021795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687171a2aa7473e92021-12-22 12:45:02.947root 11241100x80000000000000004021796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f5a3e7b4ee18b42021-12-22 12:45:02.947root 11241100x80000000000000004021797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21171cc6a6cbe9ec2021-12-22 12:45:02.947root 11241100x80000000000000004021798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb82784a00247e02021-12-22 12:45:02.947root 11241100x80000000000000004021799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b31a1aab3a4c3e72021-12-22 12:45:02.947root 11241100x80000000000000004021800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b14043ec27b45a2021-12-22 12:45:02.948root 11241100x80000000000000004021801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb32292f3268960b2021-12-22 12:45:02.948root 11241100x80000000000000004021802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f23b73f5b235bfc2021-12-22 12:45:02.948root 11241100x80000000000000004021803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ced8365abbd142021-12-22 12:45:02.948root 11241100x80000000000000004021804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b478ae79d2673f2021-12-22 12:45:02.948root 11241100x80000000000000004021805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240f96441f8fe6ea2021-12-22 12:45:02.948root 11241100x80000000000000004021806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5f424ab029724c2021-12-22 12:45:02.948root 11241100x80000000000000004021807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ba71b8b3ab21e2021-12-22 12:45:02.948root 11241100x80000000000000004021808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea395809b58bbb142021-12-22 12:45:02.948root 11241100x80000000000000004021809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d636b2b8b91fae562021-12-22 12:45:02.949root 11241100x80000000000000004021810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4547b7d8c1fd5d52021-12-22 12:45:02.949root 11241100x80000000000000004021811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fad1968796bfa2021-12-22 12:45:02.949root 11241100x80000000000000004021812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d980d61bd947be2021-12-22 12:45:02.949root 11241100x80000000000000004021813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40403a0c46f91cb72021-12-22 12:45:02.949root 11241100x80000000000000004021814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79eb4759c2f6112021-12-22 12:45:02.949root 11241100x80000000000000004021815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2468eca7c546fc682021-12-22 12:45:02.949root 11241100x80000000000000004021816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1631b00eeb6eacb2021-12-22 12:45:02.950root 11241100x80000000000000004021817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141d1ee7afa9927e2021-12-22 12:45:02.950root 11241100x80000000000000004021818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1a094d5b16b6c2021-12-22 12:45:02.950root 11241100x80000000000000004021819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdc53651c086a162021-12-22 12:45:02.950root 11241100x80000000000000004021820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784ce3bb5850b3b22021-12-22 12:45:02.950root 11241100x80000000000000004021821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5e3183857ca08e2021-12-22 12:45:02.950root 11241100x80000000000000004021822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730bab416a88c482021-12-22 12:45:02.950root 11241100x80000000000000004021823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb37e882dc6d8c2021-12-22 12:45:02.950root 11241100x80000000000000004021824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053692131a4ae4862021-12-22 12:45:02.951root 11241100x80000000000000004021825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ca789a346921702021-12-22 12:45:02.951root 11241100x80000000000000004021826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a208b207ec8f9e2021-12-22 12:45:02.951root 11241100x80000000000000004021827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1127b4bf28f9f52021-12-22 12:45:02.951root 11241100x80000000000000004021828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea27f5b63d792ffd2021-12-22 12:45:02.951root 11241100x80000000000000004021829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137eaf6dc127b6db2021-12-22 12:45:02.951root 11241100x80000000000000004021830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5cadf84664b3992021-12-22 12:45:02.951root 11241100x80000000000000004021831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0448b4a806b2ef2021-12-22 12:45:02.951root 11241100x80000000000000004021832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ada49c5b86d4192021-12-22 12:45:02.951root 11241100x80000000000000004021833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:45:03.124root 11241100x80000000000000004021834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bcd25b21675fe2021-12-22 12:45:03.444root 11241100x80000000000000004021835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d79e9aacc85e6c2021-12-22 12:45:03.444root 11241100x80000000000000004021836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40448e1f7787a7e2021-12-22 12:45:03.444root 11241100x80000000000000004021837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b45eda8597a6e2021-12-22 12:45:03.444root 11241100x80000000000000004021838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3112e89a4ebbf5702021-12-22 12:45:03.444root 11241100x80000000000000004021839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7530b6fbef4a84032021-12-22 12:45:03.444root 11241100x80000000000000004021840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b1b7582f683e9a2021-12-22 12:45:03.444root 11241100x80000000000000004021841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba710d4acd4965d32021-12-22 12:45:03.444root 11241100x80000000000000004021842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756608328b0ecbb2021-12-22 12:45:03.445root 11241100x80000000000000004021843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2cbbcf29d9303d2021-12-22 12:45:03.445root 11241100x80000000000000004021844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12788bd582e76162021-12-22 12:45:03.445root 11241100x80000000000000004021845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3a85a8607b4d12021-12-22 12:45:03.445root 11241100x80000000000000004021846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5701f1df163a52021-12-22 12:45:03.445root 11241100x80000000000000004021847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0269d247eba879c52021-12-22 12:45:03.445root 11241100x80000000000000004021848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22303a84b56d08d52021-12-22 12:45:03.445root 11241100x80000000000000004021849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cc24b7c67cddc2021-12-22 12:45:03.445root 11241100x80000000000000004021850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4684a411e0206f2021-12-22 12:45:03.445root 11241100x80000000000000004021851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc8236aecc8e3ae2021-12-22 12:45:03.445root 11241100x80000000000000004021852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f54145e30e1e7d32021-12-22 12:45:03.446root 11241100x80000000000000004021853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14d75385973c5b62021-12-22 12:45:03.446root 11241100x80000000000000004021854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c7f3bcc7d3ff2f2021-12-22 12:45:03.446root 11241100x80000000000000004021855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb2fda7c890d2fa2021-12-22 12:45:03.446root 11241100x80000000000000004021856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f482b06a229cd232021-12-22 12:45:03.446root 11241100x80000000000000004021857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c7e52e1d9d82842021-12-22 12:45:03.446root 11241100x80000000000000004021858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e50a1db218add62021-12-22 12:45:03.446root 11241100x80000000000000004021859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfd8c315bffc5d72021-12-22 12:45:03.447root 11241100x80000000000000004021860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12446db6a27f0aa2021-12-22 12:45:03.447root 11241100x80000000000000004021861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188d13920e77275d2021-12-22 12:45:03.447root 11241100x80000000000000004021862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21223696d9ad0ca2021-12-22 12:45:03.447root 11241100x80000000000000004021863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c97268e0159f662021-12-22 12:45:03.448root 11241100x80000000000000004021864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a82f4b2c16221f2021-12-22 12:45:03.448root 11241100x80000000000000004021865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f94781ae40845172021-12-22 12:45:03.448root 11241100x80000000000000004021866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366e0903bdb457d2021-12-22 12:45:03.448root 11241100x80000000000000004021867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93296c787aeca6092021-12-22 12:45:03.448root 11241100x80000000000000004021868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea43c6e9d1317d72021-12-22 12:45:03.448root 11241100x80000000000000004021869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8bb198cbfd8812021-12-22 12:45:03.448root 11241100x80000000000000004021870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02625af0fb97119c2021-12-22 12:45:03.448root 11241100x80000000000000004021871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560bd2fde49ce7b32021-12-22 12:45:03.448root 11241100x80000000000000004021872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489122d0397e7a512021-12-22 12:45:03.448root 11241100x80000000000000004021873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9117a27f6959592021-12-22 12:45:03.448root 11241100x80000000000000004021874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebbbbf777f335b52021-12-22 12:45:03.449root 11241100x80000000000000004021875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a51b968e1449b2021-12-22 12:45:03.449root 11241100x80000000000000004021876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6f299c1170a9182021-12-22 12:45:03.449root 11241100x80000000000000004021877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d23b11deb90532021-12-22 12:45:03.450root 11241100x80000000000000004021878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282ded5a097d2102021-12-22 12:45:03.450root 11241100x80000000000000004021879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90353a240839bb802021-12-22 12:45:03.450root 11241100x80000000000000004021880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9470cee4d5a512882021-12-22 12:45:03.450root 11241100x80000000000000004021881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4eee8f57b4d5e42021-12-22 12:45:03.943root 11241100x80000000000000004021882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e081277a5a07392021-12-22 12:45:03.943root 11241100x80000000000000004021883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aded94c7a4d633632021-12-22 12:45:03.943root 11241100x80000000000000004021884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7e870f2d513972021-12-22 12:45:03.943root 11241100x80000000000000004021885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c7902ee674ac4d2021-12-22 12:45:03.944root 11241100x80000000000000004021886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb67ceee44a41972021-12-22 12:45:03.944root 11241100x80000000000000004021887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725f41fd72cc85e2021-12-22 12:45:03.944root 11241100x80000000000000004021888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba0a6ebc3e0fa1c2021-12-22 12:45:03.944root 11241100x80000000000000004021889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7247410f0c884c9d2021-12-22 12:45:03.944root 11241100x80000000000000004021890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af42263d144c7ba2021-12-22 12:45:03.944root 11241100x80000000000000004021891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3316a198fde5f92021-12-22 12:45:03.944root 11241100x80000000000000004021892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd6eda0a57f47c2021-12-22 12:45:03.944root 11241100x80000000000000004021893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6124b215e9448702021-12-22 12:45:03.944root 11241100x80000000000000004021894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f891d1ea8e719be2021-12-22 12:45:03.944root 11241100x80000000000000004021895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4c0a50624c7fb2021-12-22 12:45:03.944root 11241100x80000000000000004021896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fcf0c625318d62021-12-22 12:45:03.944root 11241100x80000000000000004021897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d484db0dcc183132021-12-22 12:45:03.944root 11241100x80000000000000004021898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb50af61941c21b2021-12-22 12:45:03.944root 11241100x80000000000000004021899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba8dd879235f052021-12-22 12:45:03.944root 11241100x80000000000000004021900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd83e70e7bc1fe2021-12-22 12:45:03.944root 11241100x80000000000000004021901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7861d012e52ac1ab2021-12-22 12:45:03.944root 11241100x80000000000000004021902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9ab207ce4fcf6c2021-12-22 12:45:03.945root 11241100x80000000000000004021903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb10810ed9698c2021-12-22 12:45:03.945root 11241100x80000000000000004021904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e01ca0c4d587f2021-12-22 12:45:03.945root 11241100x80000000000000004021905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3975fb0afc6b615b2021-12-22 12:45:03.945root 11241100x80000000000000004021906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102eaf57fa5f42021-12-22 12:45:03.945root 11241100x80000000000000004021907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15953c06c21f80f82021-12-22 12:45:03.945root 11241100x80000000000000004021908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2523f64a59d7202021-12-22 12:45:03.945root 11241100x80000000000000004021909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af97bdddee5a1ad52021-12-22 12:45:03.945root 11241100x80000000000000004021910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31d2d3f4dbde52e2021-12-22 12:45:03.945root 11241100x80000000000000004021911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a829351d687db59f2021-12-22 12:45:03.945root 11241100x80000000000000004021912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c033044ac4b5d7e2021-12-22 12:45:03.945root 11241100x80000000000000004021913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5582759d08ff25472021-12-22 12:45:03.945root 11241100x80000000000000004021914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016071451fe8d2fd2021-12-22 12:45:03.946root 11241100x80000000000000004021915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3109d985e138382021-12-22 12:45:03.946root 11241100x80000000000000004021916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255f9e37d0949c302021-12-22 12:45:03.946root 11241100x80000000000000004021917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f50e9309f695e932021-12-22 12:45:03.946root 11241100x80000000000000004021918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfaa5de33083d62021-12-22 12:45:03.946root 11241100x80000000000000004021919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd45cefc37939b12021-12-22 12:45:03.947root 11241100x80000000000000004021920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ca2e127fc4e4f62021-12-22 12:45:03.947root 11241100x80000000000000004021921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbcce37e2543cfa2021-12-22 12:45:03.947root 11241100x80000000000000004021922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86a674ffea0a592021-12-22 12:45:03.947root 11241100x80000000000000004021923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9c116cd83fc572021-12-22 12:45:03.947root 11241100x80000000000000004021924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8f7d48e7cd55dc2021-12-22 12:45:03.947root 11241100x80000000000000004021925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606a6dec0f57aa72021-12-22 12:45:03.947root 11241100x80000000000000004021926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cdd17e0e684a7d2021-12-22 12:45:03.947root 11241100x80000000000000004021927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9aed9500bdba32021-12-22 12:45:03.947root 11241100x80000000000000004021928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c703ac254552a912021-12-22 12:45:03.947root 11241100x80000000000000004021929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ee8e223bea09882021-12-22 12:45:03.948root 11241100x80000000000000004021930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a88da1c6dc555762021-12-22 12:45:03.948root 11241100x80000000000000004021931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d10aef660e58e52021-12-22 12:45:03.948root 11241100x80000000000000004021932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83af33558b53b4792021-12-22 12:45:03.948root 11241100x80000000000000004021933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a919931629ff2ad92021-12-22 12:45:03.948root 11241100x80000000000000004021934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a0e2a740ae5ab2021-12-22 12:45:03.948root 11241100x80000000000000004021935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c7f3385a102d8c2021-12-22 12:45:03.948root 11241100x80000000000000004021936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc268ea9a4c8f32021-12-22 12:45:03.948root 11241100x80000000000000004021937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23569ce0ad3ecbd2021-12-22 12:45:03.948root 11241100x80000000000000004021938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25da705b4f331a62021-12-22 12:45:03.948root 11241100x80000000000000004021939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86dc5033f5c739e2021-12-22 12:45:03.948root 11241100x80000000000000004021940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bada11073e8f1e72021-12-22 12:45:03.948root 11241100x80000000000000004021941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a10a0af1a7aef82021-12-22 12:45:03.948root 11241100x80000000000000004021942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1341575fe74a39152021-12-22 12:45:03.948root 11241100x80000000000000004021943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6772e71299b796582021-12-22 12:45:03.948root 11241100x80000000000000004021944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d113dbfaa74efbc2021-12-22 12:45:03.948root 11241100x80000000000000004021945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718e81ad0333f6ca2021-12-22 12:45:03.949root 11241100x80000000000000004021946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f826036b19657cf02021-12-22 12:45:03.949root 11241100x80000000000000004021947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05b8c085b4795e62021-12-22 12:45:03.949root 11241100x80000000000000004021948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f046ce9684c6e112021-12-22 12:45:03.949root 11241100x80000000000000004021949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed22e6e0e21b9c112021-12-22 12:45:03.949root 11241100x80000000000000004021950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf87fe2cf68d4812021-12-22 12:45:03.949root 11241100x80000000000000004021951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a1aff86e0257ce2021-12-22 12:45:03.949root 11241100x80000000000000004021952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefacd3796ec12f2021-12-22 12:45:03.949root 11241100x80000000000000004021953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3d75ddd2af18fb2021-12-22 12:45:03.949root 11241100x80000000000000004021954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e472eafb816ac132021-12-22 12:45:03.949root 11241100x80000000000000004021955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbfff6fb67e9162021-12-22 12:45:03.949root 11241100x80000000000000004021956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607950e1eedec59c2021-12-22 12:45:03.950root 11241100x80000000000000004021957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c024abec361b0f02021-12-22 12:45:03.950root 11241100x80000000000000004021958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548d88b5af7d6b42021-12-22 12:45:03.950root 11241100x80000000000000004021959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badfeb2c8d4453de2021-12-22 12:45:03.950root 11241100x80000000000000004021960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bf9333c49f28a32021-12-22 12:45:03.950root 11241100x80000000000000004021961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e271e5252678ca2021-12-22 12:45:03.950root 11241100x80000000000000004021962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b82bb06ae798372021-12-22 12:45:03.950root 11241100x80000000000000004021963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d54ee8c8b2e852021-12-22 12:45:03.950root 11241100x80000000000000004021964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c267ab5e6b7322021-12-22 12:45:03.950root 11241100x80000000000000004021965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff6895225f255c2021-12-22 12:45:03.950root 11241100x80000000000000004021966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939932fe9e387f912021-12-22 12:45:03.950root 11241100x80000000000000004021967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2df6d9ad65f9762021-12-22 12:45:03.950root 11241100x80000000000000004021968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a829fa0d80b55f2021-12-22 12:45:03.950root 11241100x80000000000000004021969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9679a072245ae772021-12-22 12:45:03.950root 11241100x80000000000000004021970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed055039dd5aa122021-12-22 12:45:03.950root 11241100x80000000000000004021971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d371213d48ae5e22021-12-22 12:45:03.950root 11241100x80000000000000004021972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2f217b8dffeaa2021-12-22 12:45:03.950root 11241100x80000000000000004021973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc64efbda0967032021-12-22 12:45:03.951root 11241100x80000000000000004021974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d5562e7b28e7c2021-12-22 12:45:03.951root 11241100x80000000000000004021975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781e615ba2a5ab92021-12-22 12:45:03.951root 11241100x80000000000000004021976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072006d0b9f8307c2021-12-22 12:45:03.951root 11241100x80000000000000004021977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6dcd9fc1f32ce92021-12-22 12:45:03.951root 11241100x80000000000000004021978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728181aa98bc2432021-12-22 12:45:03.951root 11241100x80000000000000004021979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106700ba3d75c5632021-12-22 12:45:03.951root 11241100x80000000000000004021980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b832c53c3fc6f12021-12-22 12:45:03.951root 11241100x80000000000000004021981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5624ab142f324c522021-12-22 12:45:03.951root 11241100x80000000000000004021982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939c19d4a2bf5342021-12-22 12:45:03.951root 11241100x80000000000000004021983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3245dec91971d62021-12-22 12:45:03.951root 11241100x80000000000000004021984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c32bc94078c8812021-12-22 12:45:03.951root 11241100x80000000000000004021985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1cbbeb07ccd3e2021-12-22 12:45:03.951root 11241100x80000000000000004021986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd47fb8ebe4d49582021-12-22 12:45:03.951root 11241100x80000000000000004021987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52ebbc9afd64442021-12-22 12:45:03.951root 11241100x80000000000000004021988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4fa4ddebdae2f02021-12-22 12:45:03.951root 11241100x80000000000000004021989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e44cc2492f44bbd2021-12-22 12:45:03.952root 11241100x80000000000000004021990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bbf6fb662e5d852021-12-22 12:45:03.952root 11241100x80000000000000004021991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5431603aa18b7ab2021-12-22 12:45:03.952root 11241100x80000000000000004021992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e7a94fccc69dce2021-12-22 12:45:03.952root 11241100x80000000000000004021993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39114d1ebd7ee6d2021-12-22 12:45:03.952root 11241100x80000000000000004021994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4dfce7a1acbb62021-12-22 12:45:03.953root 11241100x80000000000000004021995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db66b4b7fd0815c2021-12-22 12:45:03.953root 11241100x80000000000000004021996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01323ce841fd79072021-12-22 12:45:03.953root 11241100x80000000000000004021997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaed1a7e092f3eed2021-12-22 12:45:03.953root 11241100x80000000000000004021998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc570f6789b9f992021-12-22 12:45:03.953root 11241100x80000000000000004021999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd622fb4eb268632021-12-22 12:45:03.953root 11241100x80000000000000004022000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eef44c8f5ac8ae2021-12-22 12:45:03.953root 11241100x80000000000000004022001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0ea8d7e8e70aac2021-12-22 12:45:03.953root 11241100x80000000000000004022002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883cc8633d2fd52b2021-12-22 12:45:03.953root 11241100x80000000000000004022003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f301f403667542021-12-22 12:45:03.954root 11241100x80000000000000004022004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa24feb4e595ff02021-12-22 12:45:03.954root 11241100x80000000000000004022005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3603480073ffb2021-12-22 12:45:03.954root 11241100x80000000000000004022006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422c5081ad4a70b2021-12-22 12:45:03.954root 11241100x80000000000000004022007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188f7e688c88c4552021-12-22 12:45:03.954root 11241100x80000000000000004022008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dee0e6a0208cdc2021-12-22 12:45:03.954root 11241100x80000000000000004022009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8378a3643e3cb62021-12-22 12:45:03.954root 11241100x80000000000000004022010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a710e6cca9bc2d42021-12-22 12:45:03.954root 11241100x80000000000000004022011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ed10db7dc756242021-12-22 12:45:03.954root 11241100x80000000000000004022012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab78e61dfc207952021-12-22 12:45:03.954root 11241100x80000000000000004022013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30536320fc6293852021-12-22 12:45:03.955root 11241100x80000000000000004022014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1716a9464e4b3342021-12-22 12:45:03.955root 11241100x80000000000000004022015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683a0a06b6513ba62021-12-22 12:45:03.955root 11241100x80000000000000004022016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bef16f77642e5d2021-12-22 12:45:03.955root 11241100x80000000000000004022017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22547e1c7b59e5522021-12-22 12:45:03.955root 11241100x80000000000000004022018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0eedc45e96eb3a2021-12-22 12:45:03.955root 11241100x80000000000000004022019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5044b690681500f32021-12-22 12:45:03.955root 11241100x80000000000000004022020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75225ee2ce22222021-12-22 12:45:03.955root 11241100x80000000000000004022021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9464b6dfda93e9c2021-12-22 12:45:03.955root 11241100x80000000000000004022022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd9557feaab73872021-12-22 12:45:03.955root 11241100x80000000000000004022023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ab57abc19adb82021-12-22 12:45:04.443root 11241100x80000000000000004022024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a9a09835ee8332021-12-22 12:45:04.443root 11241100x80000000000000004022025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ea9e478617ba82021-12-22 12:45:04.443root 11241100x80000000000000004022026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a620a4554feafa2021-12-22 12:45:04.443root 11241100x80000000000000004022027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88691c588c63fc52021-12-22 12:45:04.443root 11241100x80000000000000004022028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff146ca7f99e57d2021-12-22 12:45:04.444root 11241100x80000000000000004022029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770dca2863656cd92021-12-22 12:45:04.444root 11241100x80000000000000004022030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8513d5d9dfcfebca2021-12-22 12:45:04.444root 11241100x80000000000000004022031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870dfaa6f9ca6c2b2021-12-22 12:45:04.444root 11241100x80000000000000004022032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fcf6790d8f4412021-12-22 12:45:04.444root 11241100x80000000000000004022033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269733a83fe2cae82021-12-22 12:45:04.444root 11241100x80000000000000004022034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531552be398439a72021-12-22 12:45:04.444root 11241100x80000000000000004022035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce16146fd46c36ea2021-12-22 12:45:04.444root 11241100x80000000000000004022036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13647ffe73f0ccb2021-12-22 12:45:04.445root 11241100x80000000000000004022037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c48303034b28202021-12-22 12:45:04.445root 11241100x80000000000000004022038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c575c67c82123f502021-12-22 12:45:04.445root 11241100x80000000000000004022039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc530ae915dc25fd2021-12-22 12:45:04.445root 11241100x80000000000000004022040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b3c840d70847832021-12-22 12:45:04.445root 11241100x80000000000000004022041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8474736547053d252021-12-22 12:45:04.445root 11241100x80000000000000004022042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bbcb77dd2d57c02021-12-22 12:45:04.445root 11241100x80000000000000004022043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731f05ff88645edb2021-12-22 12:45:04.445root 11241100x80000000000000004022044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dd6e00e646e5002021-12-22 12:45:04.445root 11241100x80000000000000004022045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e268bbc8ff3f542021-12-22 12:45:04.446root 11241100x80000000000000004022046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62532e7252ae0c362021-12-22 12:45:04.446root 11241100x80000000000000004022047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c111c7aee09a7c652021-12-22 12:45:04.446root 11241100x80000000000000004022048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8005740025a8db2021-12-22 12:45:04.446root 11241100x80000000000000004022049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac8937a10c1ace42021-12-22 12:45:04.446root 11241100x80000000000000004022050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d823c17087cfff2021-12-22 12:45:04.446root 11241100x80000000000000004022051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777c67a8ebd197092021-12-22 12:45:04.446root 11241100x80000000000000004022052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48096dab0724fe342021-12-22 12:45:04.446root 11241100x80000000000000004022053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163db0a74c244aac2021-12-22 12:45:04.447root 11241100x80000000000000004022054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacca74a29c032be2021-12-22 12:45:04.447root 11241100x80000000000000004022055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a61e2a46b5847c2021-12-22 12:45:04.447root 11241100x80000000000000004022056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c5659b6d0357d2021-12-22 12:45:04.447root 11241100x80000000000000004022057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa88917056c0a6602021-12-22 12:45:04.447root 11241100x80000000000000004022058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb50c756bb120ed2021-12-22 12:45:04.448root 11241100x80000000000000004022059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5676ef0615ef932021-12-22 12:45:04.448root 11241100x80000000000000004022060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ce7a17fd2d328c2021-12-22 12:45:04.448root 11241100x80000000000000004022061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c41756398d28bca2021-12-22 12:45:04.448root 11241100x80000000000000004022062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b296a840c6ce7b2021-12-22 12:45:04.448root 11241100x80000000000000004022063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab2a4ff532c85ee2021-12-22 12:45:04.448root 11241100x80000000000000004022064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3637408d51c592021-12-22 12:45:04.449root 11241100x80000000000000004022065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c45bbb277805f2021-12-22 12:45:04.449root 11241100x80000000000000004022066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996bb6ec8024829e2021-12-22 12:45:04.449root 11241100x80000000000000004022067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea75a71da00e2bc2021-12-22 12:45:04.449root 11241100x80000000000000004022068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972506b2d79b45b32021-12-22 12:45:04.449root 11241100x80000000000000004022069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805d10445432d37b2021-12-22 12:45:04.449root 11241100x80000000000000004022070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5becbe7eecd30592021-12-22 12:45:04.449root 11241100x80000000000000004022071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd786510bc6426972021-12-22 12:45:04.450root 11241100x80000000000000004022072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98cdc384d42f5b2021-12-22 12:45:04.450root 11241100x80000000000000004022073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5010005b1b27243d2021-12-22 12:45:04.943root 11241100x80000000000000004022074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18f5aeb2c7416e2021-12-22 12:45:04.943root 11241100x80000000000000004022075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5014d3fc1c602d8b2021-12-22 12:45:04.943root 11241100x80000000000000004022076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0ce0f50c1e4342021-12-22 12:45:04.943root 11241100x80000000000000004022077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae88b084b0ed35422021-12-22 12:45:04.943root 11241100x80000000000000004022078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fc6b41c807d18f2021-12-22 12:45:04.943root 11241100x80000000000000004022079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33215f9a5a7a6f5f2021-12-22 12:45:04.943root 11241100x80000000000000004022080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a9cfad7c7b94752021-12-22 12:45:04.944root 11241100x80000000000000004022081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62e136764c85962021-12-22 12:45:04.944root 11241100x80000000000000004022082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9bd0e3ace71e722021-12-22 12:45:04.944root 11241100x80000000000000004022083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0592aeeef2ee4a9e2021-12-22 12:45:04.944root 11241100x80000000000000004022084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f826881e32d47a82021-12-22 12:45:04.944root 11241100x80000000000000004022085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0d5d4d65bbbd12021-12-22 12:45:04.944root 11241100x80000000000000004022086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae2e085f51aa8bf2021-12-22 12:45:04.944root 11241100x80000000000000004022087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefe1461db66ce7e2021-12-22 12:45:04.944root 11241100x80000000000000004022088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ed85061c16077f2021-12-22 12:45:04.944root 11241100x80000000000000004022089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0842e29577b8ac12021-12-22 12:45:04.944root 11241100x80000000000000004022090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca314b29bd5da02021-12-22 12:45:04.944root 11241100x80000000000000004022091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68426f25cd7f3b9e2021-12-22 12:45:04.945root 11241100x80000000000000004022092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fe16fd72fa51522021-12-22 12:45:04.945root 11241100x80000000000000004022093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74984d192cbc75ce2021-12-22 12:45:04.945root 11241100x80000000000000004022094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1677eafc1882e8152021-12-22 12:45:04.945root 11241100x80000000000000004022095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15af32c430d357d12021-12-22 12:45:04.945root 11241100x80000000000000004022096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c679e50e5a9a82021-12-22 12:45:04.945root 11241100x80000000000000004022097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3f61c6d0ccd8f2021-12-22 12:45:04.945root 11241100x80000000000000004022098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d101d1497d109d2021-12-22 12:45:04.946root 11241100x80000000000000004022099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd6b4aa84bc6eb2021-12-22 12:45:04.946root 11241100x80000000000000004022100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4aa7d70deb8a0a2021-12-22 12:45:04.946root 11241100x80000000000000004022101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b64c9151c442c9d2021-12-22 12:45:04.946root 11241100x80000000000000004022102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37580b1c7ec99f2021-12-22 12:45:04.946root 11241100x80000000000000004022103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a1c6069d128a532021-12-22 12:45:04.946root 11241100x80000000000000004022104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a908fb320f16d2021-12-22 12:45:04.946root 11241100x80000000000000004022105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d00c4fa22eccd2021-12-22 12:45:04.947root 11241100x80000000000000004022106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c454b6b866cc9ff2021-12-22 12:45:04.947root 11241100x80000000000000004022107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ac1ca8951323d2021-12-22 12:45:04.947root 11241100x80000000000000004022108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f1305551466c522021-12-22 12:45:04.947root 11241100x80000000000000004022109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3096587bf432b4c42021-12-22 12:45:04.947root 11241100x80000000000000004022110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ed55e140481692021-12-22 12:45:04.947root 11241100x80000000000000004022111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6165355c7bae22021-12-22 12:45:04.948root 11241100x80000000000000004022112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4221f51dcb0d3c222021-12-22 12:45:04.948root 11241100x80000000000000004022113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51f00e788b45dc72021-12-22 12:45:04.948root 11241100x80000000000000004022114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d99afb20214fc92021-12-22 12:45:04.948root 11241100x80000000000000004022115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7579b1491e39df42021-12-22 12:45:04.948root 11241100x80000000000000004022116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510eaf352aac6532021-12-22 12:45:04.948root 11241100x80000000000000004022117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4aeec40f04a5d2021-12-22 12:45:04.948root 11241100x80000000000000004022118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0320ec7366e65ad2021-12-22 12:45:04.949root 11241100x80000000000000004022119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a45e612689dfd2021-12-22 12:45:04.949root 11241100x80000000000000004022120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3269f4a9aa4f3e02021-12-22 12:45:04.949root 11241100x80000000000000004022121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98769e5a4096d9d42021-12-22 12:45:04.949root 11241100x80000000000000004022122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80905a2d8aefc0d12021-12-22 12:45:04.949root 11241100x80000000000000004022123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d397163876d412021-12-22 12:45:04.949root 11241100x80000000000000004022124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4acc8d70f98a1e2021-12-22 12:45:04.949root 11241100x80000000000000004022125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade5b8addeaaaf32021-12-22 12:45:04.950root 11241100x80000000000000004022126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8ba75626d194932021-12-22 12:45:04.950root 11241100x80000000000000004022127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb331cd8d29a28e2021-12-22 12:45:04.950root 11241100x80000000000000004022128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ea1c8e4966f4a22021-12-22 12:45:04.950root 11241100x80000000000000004022129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df97ed1d716c70602021-12-22 12:45:05.443root 11241100x80000000000000004022130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9253f4d0f165ca8e2021-12-22 12:45:05.443root 11241100x80000000000000004022131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27612900357319522021-12-22 12:45:05.444root 11241100x80000000000000004022132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a168e329d9fd2b1d2021-12-22 12:45:05.444root 11241100x80000000000000004022133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79525611a5a7d1712021-12-22 12:45:05.444root 11241100x80000000000000004022134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6a000d7e6580e2021-12-22 12:45:05.444root 11241100x80000000000000004022135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753709a6d0280feb2021-12-22 12:45:05.444root 11241100x80000000000000004022136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b63e4c770129742021-12-22 12:45:05.445root 11241100x80000000000000004022137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d949e6b37b2b42021-12-22 12:45:05.445root 11241100x80000000000000004022138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620840ad5e22682e2021-12-22 12:45:05.445root 11241100x80000000000000004022139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6412c45cb0c5d172021-12-22 12:45:05.445root 11241100x80000000000000004022140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d5647204992d482021-12-22 12:45:05.445root 11241100x80000000000000004022141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe1b6d40fe56bea2021-12-22 12:45:05.445root 11241100x80000000000000004022142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9aabe93af536a22021-12-22 12:45:05.445root 11241100x80000000000000004022143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b58ac4bf5d392352021-12-22 12:45:05.446root 11241100x80000000000000004022144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39e54c147d6ec22021-12-22 12:45:05.446root 11241100x80000000000000004022145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9309990839ee0f72021-12-22 12:45:05.446root 11241100x80000000000000004022146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c323a6e6d98bc3ae2021-12-22 12:45:05.446root 11241100x80000000000000004022147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c24b3c64ff70512021-12-22 12:45:05.446root 11241100x80000000000000004022148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0843ac756a3a4d462021-12-22 12:45:05.446root 11241100x80000000000000004022149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b585f14fa9b887282021-12-22 12:45:05.446root 11241100x80000000000000004022150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18c572d2099fa42021-12-22 12:45:05.446root 11241100x80000000000000004022151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58509942ea52192021-12-22 12:45:05.446root 11241100x80000000000000004022152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a8747e376975d62021-12-22 12:45:05.446root 11241100x80000000000000004022153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adaa3e3976ea52e2021-12-22 12:45:05.447root 11241100x80000000000000004022154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4a0600f7db6cd12021-12-22 12:45:05.447root 11241100x80000000000000004022155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959bddb1c1bef132021-12-22 12:45:05.447root 11241100x80000000000000004022156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eadeba6e86eca472021-12-22 12:45:05.447root 11241100x80000000000000004022157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423eee07d4a388b12021-12-22 12:45:05.447root 11241100x80000000000000004022158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9d376dcb4e18a52021-12-22 12:45:05.447root 11241100x80000000000000004022159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621541cc41b36f22021-12-22 12:45:05.447root 11241100x80000000000000004022160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3633a3255b5c5aee2021-12-22 12:45:05.447root 11241100x80000000000000004022161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c23dd8e494860a2021-12-22 12:45:05.447root 11241100x80000000000000004022162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722baf89d0993b8a2021-12-22 12:45:05.448root 11241100x80000000000000004022163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb12f37d190aa802021-12-22 12:45:05.448root 11241100x80000000000000004022164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd5d13de39250b2021-12-22 12:45:05.448root 11241100x80000000000000004022165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff661669f698ae2021-12-22 12:45:05.448root 11241100x80000000000000004022166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfa5fa0d334656d2021-12-22 12:45:05.448root 11241100x80000000000000004022167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333ca44425df3e72021-12-22 12:45:05.448root 11241100x80000000000000004022168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df819e963eed10422021-12-22 12:45:05.448root 11241100x80000000000000004022169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaf64eb88ef0eaf2021-12-22 12:45:05.448root 11241100x80000000000000004022170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617e55be11684d202021-12-22 12:45:05.448root 11241100x80000000000000004022171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c984943007918c2021-12-22 12:45:05.448root 11241100x80000000000000004022172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d3412ad6aea612021-12-22 12:45:05.449root 11241100x80000000000000004022173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bb8ed3db16ed2c2021-12-22 12:45:05.449root 11241100x80000000000000004022174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c06e82b6520c452021-12-22 12:45:05.449root 11241100x80000000000000004022175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8587f53210f89ced2021-12-22 12:45:05.449root 11241100x80000000000000004022176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a90bd6cfeeeb92021-12-22 12:45:05.449root 11241100x80000000000000004022177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166dfa09a9bb00ed2021-12-22 12:45:05.449root 11241100x80000000000000004022178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53531b44ab5812f2021-12-22 12:45:05.449root 11241100x80000000000000004022179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8b665a1314b93f2021-12-22 12:45:05.449root 11241100x80000000000000004022180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a3dab8903fd3222021-12-22 12:45:05.943root 11241100x80000000000000004022181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d179552700733932021-12-22 12:45:05.943root 11241100x80000000000000004022182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782e494276d3d7e2021-12-22 12:45:05.943root 11241100x80000000000000004022183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a412fe8eb111aac22021-12-22 12:45:05.944root 11241100x80000000000000004022184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ca0c74379f08f82021-12-22 12:45:05.944root 11241100x80000000000000004022185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4644ee942ca8f6562021-12-22 12:45:05.944root 11241100x80000000000000004022186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2e1f12f8297e32021-12-22 12:45:05.944root 11241100x80000000000000004022187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4ffade264b700e2021-12-22 12:45:05.944root 11241100x80000000000000004022188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0db57acca3756862021-12-22 12:45:05.944root 11241100x80000000000000004022189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c8bf7d05932742021-12-22 12:45:05.945root 11241100x80000000000000004022190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e0631c22c3e5f2021-12-22 12:45:05.945root 11241100x80000000000000004022191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f463e29054d430a2021-12-22 12:45:05.945root 11241100x80000000000000004022192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a4eb879809c1aa2021-12-22 12:45:05.945root 11241100x80000000000000004022193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb30b9e7418e3a2021-12-22 12:45:05.945root 11241100x80000000000000004022194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47761ae2064762982021-12-22 12:45:05.945root 11241100x80000000000000004022195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dfddcede0c7e612021-12-22 12:45:05.945root 11241100x80000000000000004022196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990a5d665c51c512021-12-22 12:45:05.945root 11241100x80000000000000004022197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cec33cfbd946e62021-12-22 12:45:05.945root 11241100x80000000000000004022198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28fee28231ec33b2021-12-22 12:45:05.946root 11241100x80000000000000004022199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e82fe111f2647182021-12-22 12:45:05.946root 11241100x80000000000000004022200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f1320ff451f58f2021-12-22 12:45:05.946root 11241100x80000000000000004022201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ed5c5fb80af7b2021-12-22 12:45:05.946root 11241100x80000000000000004022202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04312bcb314066312021-12-22 12:45:05.946root 11241100x80000000000000004022203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d5cfc8ea5c1a662021-12-22 12:45:05.946root 11241100x80000000000000004022204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf041b0846b866512021-12-22 12:45:05.947root 11241100x80000000000000004022205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1729513a5492bc1c2021-12-22 12:45:05.947root 11241100x80000000000000004022206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7df4605cda32e22021-12-22 12:45:05.947root 11241100x80000000000000004022207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f544945231bf569b2021-12-22 12:45:05.947root 11241100x80000000000000004022208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5bbcc2f9f2bd262021-12-22 12:45:05.947root 11241100x80000000000000004022209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9511b1e1ecd4095b2021-12-22 12:45:05.947root 11241100x80000000000000004022210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e213cea19038a962021-12-22 12:45:05.948root 11241100x80000000000000004022211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62135c00232a04c62021-12-22 12:45:05.948root 11241100x80000000000000004022212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5f7dfa116c42c2021-12-22 12:45:05.948root 11241100x80000000000000004022213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd76e50d14d8cb72021-12-22 12:45:05.948root 11241100x80000000000000004022214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657db34a2dad0f362021-12-22 12:45:05.948root 11241100x80000000000000004022215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8c7e547c160bb2021-12-22 12:45:05.948root 11241100x80000000000000004022216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4911fc8323a20f462021-12-22 12:45:05.949root 11241100x80000000000000004022217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8103d68bf2ddfa2021-12-22 12:45:05.949root 11241100x80000000000000004022218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8a17e7dc7dcaa72021-12-22 12:45:05.949root 11241100x80000000000000004022219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77480c02f0b9276d2021-12-22 12:45:05.949root 11241100x80000000000000004022220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565e200584c8e3b2021-12-22 12:45:05.949root 11241100x80000000000000004022221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d965d87a7d4a18f2021-12-22 12:45:05.950root 11241100x80000000000000004022222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442435ecf7c4ec02021-12-22 12:45:05.950root 11241100x80000000000000004022223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc819faa4481f52021-12-22 12:45:05.950root 11241100x80000000000000004022224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52381cc116ee637c2021-12-22 12:45:05.950root 11241100x80000000000000004022225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38e38df956b09652021-12-22 12:45:05.950root 11241100x80000000000000004022226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff115e0b47788a2021-12-22 12:45:05.950root 11241100x80000000000000004022227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765c066bdbe193f2021-12-22 12:45:05.951root 11241100x80000000000000004022228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3ada75d954cac2021-12-22 12:45:05.951root 11241100x80000000000000004022229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809b5c598fe54ab22021-12-22 12:45:05.951root 11241100x80000000000000004022230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c8ff6c1038ebab2021-12-22 12:45:05.951root 23542300x80000000000000004022231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000004022232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.178{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56854-false10.0.1.12-8000- 11241100x80000000000000004022233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2007a732c9af322021-12-22 12:45:06.443root 11241100x80000000000000004022234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a3f721c6c11ea2021-12-22 12:45:06.443root 11241100x80000000000000004022235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f3862b577c27502021-12-22 12:45:06.443root 11241100x80000000000000004022236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36c822b6ecb23c22021-12-22 12:45:06.444root 11241100x80000000000000004022237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792ca6ebce7dcf12021-12-22 12:45:06.444root 11241100x80000000000000004022238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52560bd18a8c0cd72021-12-22 12:45:06.444root 11241100x80000000000000004022239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7190fcc0635e80be2021-12-22 12:45:06.444root 11241100x80000000000000004022240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4953cf693383e9642021-12-22 12:45:06.444root 11241100x80000000000000004022241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd8d1a779245412021-12-22 12:45:06.444root 11241100x80000000000000004022242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08ef8b7331011682021-12-22 12:45:06.444root 11241100x80000000000000004022243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df7109463367c932021-12-22 12:45:06.444root 11241100x80000000000000004022244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729cc2245e84a5ff2021-12-22 12:45:06.445root 11241100x80000000000000004022245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbbec9f514db9c72021-12-22 12:45:06.445root 11241100x80000000000000004022246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c0e69cc6a49f02021-12-22 12:45:06.445root 11241100x80000000000000004022247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde72141f9a45c72021-12-22 12:45:06.445root 11241100x80000000000000004022248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58e06f393e81752021-12-22 12:45:06.445root 11241100x80000000000000004022249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce993b576ac527852021-12-22 12:45:06.445root 11241100x80000000000000004022250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10302f75e044d12f2021-12-22 12:45:06.445root 11241100x80000000000000004022251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473a6417fb1f65a2021-12-22 12:45:06.446root 11241100x80000000000000004022252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d06125b0efacdee2021-12-22 12:45:06.446root 11241100x80000000000000004022253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da85f1e32076af5f2021-12-22 12:45:06.446root 11241100x80000000000000004022254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcef784cb9220e32021-12-22 12:45:06.446root 11241100x80000000000000004022255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c31f2b1f0a25e12021-12-22 12:45:06.446root 11241100x80000000000000004022256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c029ab93e55627b2021-12-22 12:45:06.446root 11241100x80000000000000004022257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4333955f495da2021-12-22 12:45:06.446root 11241100x80000000000000004022258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d891ef18daf5a2021-12-22 12:45:06.447root 11241100x80000000000000004022259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e337382ed7b0d602021-12-22 12:45:06.447root 11241100x80000000000000004022260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8eddce615831b2021-12-22 12:45:06.447root 11241100x80000000000000004022261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8229260d99d2b2b2021-12-22 12:45:06.447root 11241100x80000000000000004022262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396b8c42dcfdf302021-12-22 12:45:06.447root 11241100x80000000000000004022263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f751b4e6e0832c52021-12-22 12:45:06.447root 11241100x80000000000000004022264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea77c1282a4a1be2021-12-22 12:45:06.447root 11241100x80000000000000004022265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fd53ff40f1fb972021-12-22 12:45:06.447root 11241100x80000000000000004022266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56221d4b6e7e6f2021-12-22 12:45:06.448root 11241100x80000000000000004022267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9a5731889436d2021-12-22 12:45:06.448root 11241100x80000000000000004022268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04d9f86201b528e2021-12-22 12:45:06.448root 11241100x80000000000000004022269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd0e9fe2f891552021-12-22 12:45:06.448root 11241100x80000000000000004022270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ef2ca77526e5a12021-12-22 12:45:06.448root 11241100x80000000000000004022271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77dbf6679a25eef2021-12-22 12:45:06.448root 11241100x80000000000000004022272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2529f8502dc75b282021-12-22 12:45:06.448root 11241100x80000000000000004022273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8738b6dee25d8562021-12-22 12:45:06.448root 11241100x80000000000000004022274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b53914af0558ad2021-12-22 12:45:06.448root 11241100x80000000000000004022275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61364ec53610f9782021-12-22 12:45:06.448root 11241100x80000000000000004022276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511766ddccebae8d2021-12-22 12:45:06.448root 11241100x80000000000000004022277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767828888d112e32021-12-22 12:45:06.448root 11241100x80000000000000004022278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd5307ca5bb2dfb2021-12-22 12:45:06.448root 11241100x80000000000000004022279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4faa8ca211276452021-12-22 12:45:06.449root 11241100x80000000000000004022280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa4c40f34452d3a2021-12-22 12:45:06.449root 11241100x80000000000000004022281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13221812bb85ba82021-12-22 12:45:06.449root 11241100x80000000000000004022282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69c5f596b05e602021-12-22 12:45:06.449root 11241100x80000000000000004022283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7feb303738c823b62021-12-22 12:45:06.449root 11241100x80000000000000004022284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da32f8250cc0f49b2021-12-22 12:45:06.449root 11241100x80000000000000004022285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b208ead82c6c02021-12-22 12:45:06.451root 11241100x80000000000000004022286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26aaedc1cb4cf612021-12-22 12:45:06.451root 11241100x80000000000000004022287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123bc58e0d005962021-12-22 12:45:06.451root 11241100x80000000000000004022288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d09b7c4954561c2021-12-22 12:45:06.942root 11241100x80000000000000004022289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247673eb718e4e482021-12-22 12:45:06.943root 11241100x80000000000000004022290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b45f339de507cb2021-12-22 12:45:06.943root 11241100x80000000000000004022291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b67a87aeef1072021-12-22 12:45:06.943root 11241100x80000000000000004022292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb148056aab29592021-12-22 12:45:06.943root 11241100x80000000000000004022293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886b7260441a2f52021-12-22 12:45:06.943root 11241100x80000000000000004022294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7c41cb7fe41a92021-12-22 12:45:06.943root 11241100x80000000000000004022295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e01c75fa1759b12021-12-22 12:45:06.943root 11241100x80000000000000004022296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4bb2d9884ee3692021-12-22 12:45:06.944root 11241100x80000000000000004022297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49552df35f387ca2021-12-22 12:45:06.944root 11241100x80000000000000004022298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c9992ddef7f9092021-12-22 12:45:06.944root 11241100x80000000000000004022299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2545ce427136fb532021-12-22 12:45:06.944root 11241100x80000000000000004022300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14808d3f9939742021-12-22 12:45:06.944root 11241100x80000000000000004022301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecebd5517b35dc52021-12-22 12:45:06.944root 11241100x80000000000000004022302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae2c529b1df93d02021-12-22 12:45:06.944root 11241100x80000000000000004022303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0b058174d88792021-12-22 12:45:06.945root 11241100x80000000000000004022304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aef6d976b712f692021-12-22 12:45:06.945root 11241100x80000000000000004022305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd2d6a5c67a1e012021-12-22 12:45:06.945root 11241100x80000000000000004022306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19a2dc20ec0f9c02021-12-22 12:45:06.945root 11241100x80000000000000004022307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc033dd6df7742532021-12-22 12:45:06.945root 11241100x80000000000000004022308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b113209c07eb3492021-12-22 12:45:06.945root 11241100x80000000000000004022309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10926ef3207ed6d72021-12-22 12:45:06.945root 11241100x80000000000000004022310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f110c9746fa9c2021-12-22 12:45:06.945root 11241100x80000000000000004022311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892ae3e2dd1924712021-12-22 12:45:06.946root 11241100x80000000000000004022312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f162bf6de33f952021-12-22 12:45:06.946root 11241100x80000000000000004022313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba47265add55ef2021-12-22 12:45:06.946root 11241100x80000000000000004022314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc6d0c565a49532021-12-22 12:45:06.947root 11241100x80000000000000004022315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e50f1c49f88d9462021-12-22 12:45:06.947root 11241100x80000000000000004022316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc09f7ffef2546e2021-12-22 12:45:06.947root 11241100x80000000000000004022317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bcea41272375b72021-12-22 12:45:06.947root 11241100x80000000000000004022318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08164694ee70f6002021-12-22 12:45:06.948root 11241100x80000000000000004022319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073c6e382803e942021-12-22 12:45:06.948root 11241100x80000000000000004022320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444d59ecb91fe442021-12-22 12:45:06.948root 11241100x80000000000000004022321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e251a526c6696d42021-12-22 12:45:06.948root 11241100x80000000000000004022322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd0300af479ef72021-12-22 12:45:06.948root 11241100x80000000000000004022323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072c450f97120a22021-12-22 12:45:06.948root 11241100x80000000000000004022324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b523db3c05fdb372021-12-22 12:45:06.948root 11241100x80000000000000004022325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df1a9206f58bab82021-12-22 12:45:06.948root 11241100x80000000000000004022326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbf9ed8b2dd3b32021-12-22 12:45:06.948root 11241100x80000000000000004022327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a1ab590f960c42021-12-22 12:45:06.949root 11241100x80000000000000004022328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c82f1aede0e0f2c2021-12-22 12:45:06.949root 11241100x80000000000000004022329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d9cb144ba360d2021-12-22 12:45:06.949root 11241100x80000000000000004022330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d9bc6faf13b802021-12-22 12:45:06.949root 11241100x80000000000000004022331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358922e72e743bab2021-12-22 12:45:06.949root 11241100x80000000000000004022332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb83a0253e365eb2021-12-22 12:45:06.949root 11241100x80000000000000004022333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e4a3b2170a80c12021-12-22 12:45:06.949root 11241100x80000000000000004022334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be59fa3654ac050d2021-12-22 12:45:06.949root 11241100x80000000000000004022335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2438982a959642021-12-22 12:45:06.949root 11241100x80000000000000004022336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b060547cf1ea176d2021-12-22 12:45:06.950root 11241100x80000000000000004022337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048dfae1f16d2632021-12-22 12:45:06.950root 11241100x80000000000000004022338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685af77d4a2156fb2021-12-22 12:45:06.950root 11241100x80000000000000004022339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8641adfe7b559ae52021-12-22 12:45:06.950root 11241100x80000000000000004022340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37652f87f33a3572021-12-22 12:45:06.950root 11241100x80000000000000004022341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457906add6cf55b12021-12-22 12:45:06.950root 11241100x80000000000000004022342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bdf8a537f8ffca2021-12-22 12:45:06.950root 11241100x80000000000000004022343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f277ec7ec898f52021-12-22 12:45:06.950root 11241100x80000000000000004022344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86611699ca3a8ef2021-12-22 12:45:06.950root 11241100x80000000000000004022345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a95b28358e929612021-12-22 12:45:06.950root 11241100x80000000000000004022346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9d581e7bf26a512021-12-22 12:45:06.951root 11241100x80000000000000004022347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c234c520bde9052021-12-22 12:45:06.951root 11241100x80000000000000004022348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318bc2c0a7b14c552021-12-22 12:45:06.951root 11241100x80000000000000004022349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d97767c1161b5b2021-12-22 12:45:06.951root 11241100x80000000000000004022350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31493a5f8a334a7f2021-12-22 12:45:06.951root 11241100x80000000000000004022351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2111be10e1194fa82021-12-22 12:45:06.951root 11241100x80000000000000004022352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa1dc885df9e892021-12-22 12:45:06.951root 11241100x80000000000000004022353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c735eeee707bf2021-12-22 12:45:06.951root 11241100x80000000000000004022354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035de837d1f32ee52021-12-22 12:45:06.952root 11241100x80000000000000004022355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50c60421f8a46c2021-12-22 12:45:07.443root 11241100x80000000000000004022356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de9d9cfa9c6099f2021-12-22 12:45:07.443root 11241100x80000000000000004022357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619e9edbd4ad08f82021-12-22 12:45:07.443root 11241100x80000000000000004022358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d9a73be7f9b3102021-12-22 12:45:07.443root 11241100x80000000000000004022359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966a7814c91465992021-12-22 12:45:07.444root 11241100x80000000000000004022360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d629847d9084b9d2021-12-22 12:45:07.444root 11241100x80000000000000004022361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0e4fa3541230372021-12-22 12:45:07.444root 11241100x80000000000000004022362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8737dd6cf9a12c2021-12-22 12:45:07.444root 11241100x80000000000000004022363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e17cf6d2603dcde2021-12-22 12:45:07.444root 11241100x80000000000000004022364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33acc81094a4abbc2021-12-22 12:45:07.444root 11241100x80000000000000004022365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3ac6e84e3219bb2021-12-22 12:45:07.444root 11241100x80000000000000004022366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf68f08c2a1d0c12021-12-22 12:45:07.444root 11241100x80000000000000004022367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c119cc1e5dabb2021-12-22 12:45:07.444root 11241100x80000000000000004022368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dcba355da2682e2021-12-22 12:45:07.445root 11241100x80000000000000004022369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2d6226e2d3a1d2021-12-22 12:45:07.445root 11241100x80000000000000004022370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec5b0c1f8487bdb2021-12-22 12:45:07.445root 11241100x80000000000000004022371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed506e8f40aacbb2021-12-22 12:45:07.445root 11241100x80000000000000004022372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18acace05eb33462021-12-22 12:45:07.445root 11241100x80000000000000004022373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259f6d0f682655f2021-12-22 12:45:07.445root 11241100x80000000000000004022374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c533609653ba8c2021-12-22 12:45:07.445root 11241100x80000000000000004022375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dda2749ff6af952021-12-22 12:45:07.446root 11241100x80000000000000004022376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a17a8ff7239ac42021-12-22 12:45:07.446root 11241100x80000000000000004022377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910d472b1138f8f52021-12-22 12:45:07.446root 11241100x80000000000000004022378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fc302fb9195de02021-12-22 12:45:07.446root 11241100x80000000000000004022379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b892adca0b59102021-12-22 12:45:07.446root 11241100x80000000000000004022380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30adfae0eee09da12021-12-22 12:45:07.446root 11241100x80000000000000004022381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001cbdfedfc62d952021-12-22 12:45:07.446root 11241100x80000000000000004022382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5bc34fdf38125d2021-12-22 12:45:07.447root 11241100x80000000000000004022383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90426c404f3179c02021-12-22 12:45:07.447root 11241100x80000000000000004022384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8580013a25ad642021-12-22 12:45:07.447root 11241100x80000000000000004022385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523fc07a7b3a9f602021-12-22 12:45:07.447root 11241100x80000000000000004022386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a7dcdbdd43e80a2021-12-22 12:45:07.447root 11241100x80000000000000004022387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecea3c74d1293832021-12-22 12:45:07.447root 11241100x80000000000000004022388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ccc000000615dc2021-12-22 12:45:07.448root 11241100x80000000000000004022389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af904b6887532542021-12-22 12:45:07.448root 11241100x80000000000000004022390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b1bf0366c4e642021-12-22 12:45:07.448root 11241100x80000000000000004022391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa851f2e325d9f12021-12-22 12:45:07.448root 11241100x80000000000000004022392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84620f43d077b0f2021-12-22 12:45:07.448root 11241100x80000000000000004022393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016f8ccffb981c6a2021-12-22 12:45:07.448root 11241100x80000000000000004022394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bebecf1cbece42021-12-22 12:45:07.448root 11241100x80000000000000004022395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adee27a34be3e8d2021-12-22 12:45:07.449root 11241100x80000000000000004022396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ec112138f6c182021-12-22 12:45:07.449root 11241100x80000000000000004022397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77293b7403aecd32021-12-22 12:45:07.449root 11241100x80000000000000004022398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9371afbb5968456b2021-12-22 12:45:07.449root 11241100x80000000000000004022399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008eeab650cb6c392021-12-22 12:45:07.449root 11241100x80000000000000004022400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3bc9322347d9762021-12-22 12:45:07.449root 11241100x80000000000000004022401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d0a302d3d54b7f2021-12-22 12:45:07.449root 11241100x80000000000000004022402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31a4141552c1412021-12-22 12:45:07.449root 11241100x80000000000000004022403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c4c55fb5c92d12021-12-22 12:45:07.449root 11241100x80000000000000004022404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc958eb2cf945332021-12-22 12:45:07.449root 11241100x80000000000000004022405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dbcf6a0a70a9882021-12-22 12:45:07.450root 11241100x80000000000000004022406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde62e39c9d133812021-12-22 12:45:07.450root 11241100x80000000000000004022407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aab6a01e901e6282021-12-22 12:45:07.450root 11241100x80000000000000004022408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a037d7c6823c2e92021-12-22 12:45:07.450root 11241100x80000000000000004022409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a9eb1038d43d012021-12-22 12:45:07.450root 11241100x80000000000000004022410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a855abe51e856da2021-12-22 12:45:07.450root 11241100x80000000000000004022411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18835aa99fc5b6e2021-12-22 12:45:07.450root 11241100x80000000000000004022412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235653acd3d119932021-12-22 12:45:07.450root 11241100x80000000000000004022413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352885bf1506aa192021-12-22 12:45:07.450root 11241100x80000000000000004022414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18553fe93c044a8e2021-12-22 12:45:07.451root 11241100x80000000000000004022415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14f03bb1d516b12021-12-22 12:45:07.451root 11241100x80000000000000004022416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31d0d40229df4382021-12-22 12:45:07.451root 11241100x80000000000000004022417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16086e3948858c712021-12-22 12:45:07.451root 11241100x80000000000000004022418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ba4fc1babf66b02021-12-22 12:45:07.451root 11241100x80000000000000004022419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335960f6b1435e232021-12-22 12:45:07.451root 11241100x80000000000000004022420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e8096acaeb776c2021-12-22 12:45:07.452root 11241100x80000000000000004022421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9a425fda0767a82021-12-22 12:45:07.452root 11241100x80000000000000004022422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd4c5d75e5e1c62021-12-22 12:45:07.452root 11241100x80000000000000004022423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9adbe0cc23cd02021-12-22 12:45:07.452root 11241100x80000000000000004022424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5420485e357828412021-12-22 12:45:07.452root 11241100x80000000000000004022425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7c972eb7ffc3e2021-12-22 12:45:07.452root 11241100x80000000000000004022426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dec63944de1a5d2021-12-22 12:45:07.452root 11241100x80000000000000004022427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69002d6dc83e832021-12-22 12:45:07.452root 11241100x80000000000000004022428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c18a1934a829db72021-12-22 12:45:07.453root 11241100x80000000000000004022429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73894428a8ad6ce2021-12-22 12:45:07.453root 11241100x80000000000000004022430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17519bf572d9e47b2021-12-22 12:45:07.453root 11241100x80000000000000004022431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b77aceb98e084c92021-12-22 12:45:07.453root 11241100x80000000000000004022432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb5eeaedabf4bc2021-12-22 12:45:07.453root 11241100x80000000000000004022433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ca10142c475b162021-12-22 12:45:07.453root 11241100x80000000000000004022434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77c8123a5cfadf2021-12-22 12:45:07.453root 11241100x80000000000000004022435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7797329d728220ce2021-12-22 12:45:07.453root 11241100x80000000000000004022436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56a9359eb32d5b2021-12-22 12:45:07.453root 11241100x80000000000000004022437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82203dfdf995bf02021-12-22 12:45:07.453root 11241100x80000000000000004022438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c84d47ef525b392021-12-22 12:45:07.453root 11241100x80000000000000004022439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257ac736e56c0d72021-12-22 12:45:07.454root 11241100x80000000000000004022440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46e2c24c48aa6b2021-12-22 12:45:07.454root 11241100x80000000000000004022441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ec8c7cec54f0bf2021-12-22 12:45:07.454root 11241100x80000000000000004022442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dd910a65a346752021-12-22 12:45:07.454root 11241100x80000000000000004022443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7696badad4008972021-12-22 12:45:07.454root 11241100x80000000000000004022444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b091ae0d4572b502021-12-22 12:45:07.454root 11241100x80000000000000004022445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9e7474d67f365d2021-12-22 12:45:07.454root 11241100x80000000000000004022446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281b538536b08d042021-12-22 12:45:07.454root 11241100x80000000000000004022447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904b0e25364d42e72021-12-22 12:45:07.454root 11241100x80000000000000004022448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b31403736c177fd2021-12-22 12:45:07.454root 11241100x80000000000000004022449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38ec5d2a83722bc2021-12-22 12:45:07.455root 11241100x80000000000000004022450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3291bd472058c3382021-12-22 12:45:07.455root 11241100x80000000000000004022451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f3fc19987491542021-12-22 12:45:07.455root 11241100x80000000000000004022452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e411c5e2ed394152021-12-22 12:45:07.455root 11241100x80000000000000004022453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffd217d43bba592021-12-22 12:45:07.455root 11241100x80000000000000004022454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6282707147133c972021-12-22 12:45:07.455root 11241100x80000000000000004022455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7fc795446714d32021-12-22 12:45:07.455root 11241100x80000000000000004022456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dc51d5298aecba2021-12-22 12:45:07.455root 11241100x80000000000000004022457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec79919924074c2021-12-22 12:45:07.455root 11241100x80000000000000004022458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a38f1c5b6c909162021-12-22 12:45:07.456root 11241100x80000000000000004022459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd957bb461f7cb52021-12-22 12:45:07.456root 11241100x80000000000000004022460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ea4d6476c9f2b2021-12-22 12:45:07.456root 11241100x80000000000000004022461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccc84c310c9fdfb2021-12-22 12:45:07.456root 11241100x80000000000000004022462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7071be7e47e346392021-12-22 12:45:07.457root 11241100x80000000000000004022463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28636dd633f0b6072021-12-22 12:45:07.457root 11241100x80000000000000004022464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811ee46cb4568db82021-12-22 12:45:07.457root 11241100x80000000000000004022465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b50c2485a5016f02021-12-22 12:45:07.457root 11241100x80000000000000004022466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09e36adc32dc0b72021-12-22 12:45:07.457root 11241100x80000000000000004022467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7365cbf65909ef2021-12-22 12:45:07.457root 11241100x80000000000000004022468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97620d4827ce768b2021-12-22 12:45:07.457root 11241100x80000000000000004022469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c0aec97b6ca8cf2021-12-22 12:45:07.458root 11241100x80000000000000004022470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d3d0a51b517cbd2021-12-22 12:45:07.458root 11241100x80000000000000004022471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06697006a5d8e9b2021-12-22 12:45:07.458root 11241100x80000000000000004022472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725dfed9615d7d0d2021-12-22 12:45:07.458root 11241100x80000000000000004022473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489d4be97db6f7f62021-12-22 12:45:07.458root 11241100x80000000000000004022474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569be3c4505c9caf2021-12-22 12:45:07.458root 11241100x80000000000000004022475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ed63a23e64e31c2021-12-22 12:45:07.459root 11241100x80000000000000004022476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb71daa2074ebc2021-12-22 12:45:07.460root 11241100x80000000000000004022477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98ea28f1e0a5b3f2021-12-22 12:45:07.460root 11241100x80000000000000004022478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e4b570776da252021-12-22 12:45:07.460root 11241100x80000000000000004022479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00d9e4090c050082021-12-22 12:45:07.460root 11241100x80000000000000004022480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86bd308d2f6c1112021-12-22 12:45:07.460root 11241100x80000000000000004022481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cbbc2db32f057a2021-12-22 12:45:07.461root 11241100x80000000000000004022482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958e6dc27646aa92021-12-22 12:45:07.943root 11241100x80000000000000004022483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb3c9f9b3c8cc5c2021-12-22 12:45:07.943root 11241100x80000000000000004022484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e47d13fe4428e2021-12-22 12:45:07.943root 11241100x80000000000000004022485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92de5ea54bd32ae2021-12-22 12:45:07.944root 11241100x80000000000000004022486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134b3f23452a1d1d2021-12-22 12:45:07.944root 11241100x80000000000000004022487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8390bb8e7c28c3b2021-12-22 12:45:07.944root 11241100x80000000000000004022488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536ee258b1a575f72021-12-22 12:45:07.944root 11241100x80000000000000004022489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a709056f3089cb9d2021-12-22 12:45:07.944root 11241100x80000000000000004022490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a728c2c9367ed702021-12-22 12:45:07.944root 11241100x80000000000000004022491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1c50c8c3e717fc2021-12-22 12:45:07.944root 11241100x80000000000000004022492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34deae878a227faf2021-12-22 12:45:07.944root 11241100x80000000000000004022493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2da2a2760a94b572021-12-22 12:45:07.945root 11241100x80000000000000004022494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a786499ae54b52021-12-22 12:45:07.945root 11241100x80000000000000004022495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2426054b31df122021-12-22 12:45:07.945root 11241100x80000000000000004022496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036146748a111142021-12-22 12:45:07.945root 11241100x80000000000000004022497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b38d66d136902f32021-12-22 12:45:07.945root 11241100x80000000000000004022498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f13af2d47dc7fe2021-12-22 12:45:07.945root 11241100x80000000000000004022499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20833c18a8b2f6052021-12-22 12:45:07.945root 11241100x80000000000000004022500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e16ab020c30da02021-12-22 12:45:07.946root 11241100x80000000000000004022501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d352ee66ccbe266b2021-12-22 12:45:07.946root 11241100x80000000000000004022502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aae2971ee7e2b72021-12-22 12:45:07.946root 11241100x80000000000000004022503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aa21372dc9e42e2021-12-22 12:45:07.946root 11241100x80000000000000004022504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4dcf0374f4cf092021-12-22 12:45:07.946root 11241100x80000000000000004022505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4192a68c787a712021-12-22 12:45:07.946root 11241100x80000000000000004022506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d116880bdd7e562021-12-22 12:45:07.946root 11241100x80000000000000004022507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fee89dbc0a512162021-12-22 12:45:07.947root 11241100x80000000000000004022508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf624d1b651216a2021-12-22 12:45:07.947root 11241100x80000000000000004022509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a78802564ff8622021-12-22 12:45:07.947root 11241100x80000000000000004022510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1b2d1c971117172021-12-22 12:45:07.947root 11241100x80000000000000004022511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef34f173c24c6f72021-12-22 12:45:07.947root 11241100x80000000000000004022512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e0a96283297ecf2021-12-22 12:45:07.947root 11241100x80000000000000004022513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c980dc00998aa32021-12-22 12:45:07.947root 11241100x80000000000000004022514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b522f777a485435e2021-12-22 12:45:07.948root 11241100x80000000000000004022515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c063b0015f8722021-12-22 12:45:07.948root 11241100x80000000000000004022516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d0f343327b8012021-12-22 12:45:07.948root 11241100x80000000000000004022517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f0d27e2da4b5432021-12-22 12:45:07.948root 11241100x80000000000000004022518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1662834f4333402021-12-22 12:45:07.949root 11241100x80000000000000004022519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f521d65375da9e672021-12-22 12:45:07.949root 11241100x80000000000000004022520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ec84e5113688f62021-12-22 12:45:07.949root 11241100x80000000000000004022521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38be4bf34fe5da692021-12-22 12:45:07.949root 11241100x80000000000000004022522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a301ccb37655cc02021-12-22 12:45:07.950root 11241100x80000000000000004022523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e5119353181952021-12-22 12:45:07.950root 11241100x80000000000000004022524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec30bf3de722df2021-12-22 12:45:07.950root 11241100x80000000000000004022525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146270178509c5332021-12-22 12:45:07.954root 11241100x80000000000000004022526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af1edff19a293c2021-12-22 12:45:07.954root 11241100x80000000000000004022527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9028bacb4d1d5fc2021-12-22 12:45:07.954root 11241100x80000000000000004022528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9792ac7800264f2021-12-22 12:45:07.955root 11241100x80000000000000004022529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf7317d69b786de2021-12-22 12:45:07.955root 11241100x80000000000000004022530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea4cbbc948dff212021-12-22 12:45:07.956root 11241100x80000000000000004022531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b94f07cbe132382021-12-22 12:45:07.956root 11241100x80000000000000004022532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3f5f535ed9ea42021-12-22 12:45:07.957root 11241100x80000000000000004022533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f5fe4082f7ced2021-12-22 12:45:07.957root 154100x80000000000000004022534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.113{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudo-----sudo depmod -a/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004022535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudoubuntuudptruefalse127.0.0.1-50123-false127.0.0.53-53- 354300x80000000000000004022536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-44145-false10.0.0.2-53- 354300x80000000000000004022537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57372-false10.0.0.2-53- 354300x80000000000000004022538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50123- 354300x80000000000000004022539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudoubuntuudptruefalse127.0.0.1-44933-false127.0.0.53-53- 354300x80000000000000004022540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44933- 154100x80000000000000004022541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.119{ec2b6afe-1dd4-61c3-50ad-97bf08560000}22718/bin/kmod-----depmod -a/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudosudoubuntu 11241100x80000000000000004022542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e31fbf96a1eb972021-12-22 12:45:08.442root 11241100x80000000000000004022543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666268fd7c03b432021-12-22 12:45:08.443root 11241100x80000000000000004022544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080318ef0d6a04b82021-12-22 12:45:08.443root 11241100x80000000000000004022545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f1b050347b9b72021-12-22 12:45:08.443root 11241100x80000000000000004022546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85d71131b000a52021-12-22 12:45:08.443root 11241100x80000000000000004022547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef6b9764c58d3a2021-12-22 12:45:08.443root 11241100x80000000000000004022548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54590783fda2a5c2021-12-22 12:45:08.443root 11241100x80000000000000004022549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f732c1ebbd515b1f2021-12-22 12:45:08.444root 11241100x80000000000000004022550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d5c9ebf67e8ed02021-12-22 12:45:08.444root 11241100x80000000000000004022551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc43bb3f4884d922021-12-22 12:45:08.444root 11241100x80000000000000004022552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ab26ae261bc7052021-12-22 12:45:08.444root 11241100x80000000000000004022553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf6f72b33de54912021-12-22 12:45:08.444root 11241100x80000000000000004022554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5122ee3f7a4a1d682021-12-22 12:45:08.444root 11241100x80000000000000004022555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adacca519f1e1d5c2021-12-22 12:45:08.444root 11241100x80000000000000004022556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efebe7de290bd5c2021-12-22 12:45:08.444root 11241100x80000000000000004022557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9e2b1e1585f0d2021-12-22 12:45:08.445root 11241100x80000000000000004022558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32d8ebaa46b91a2021-12-22 12:45:08.445root 11241100x80000000000000004022559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b67e7ff4d3665b2021-12-22 12:45:08.445root 11241100x80000000000000004022560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b4ec6edaf161b82021-12-22 12:45:08.445root 11241100x80000000000000004022561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377a3184a46a8122021-12-22 12:45:08.445root 11241100x80000000000000004022562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2c3b91bff2e9332021-12-22 12:45:08.445root 11241100x80000000000000004022563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea0c5107b7653e2021-12-22 12:45:08.445root 11241100x80000000000000004022564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a4d3cf0110fc5e2021-12-22 12:45:08.446root 11241100x80000000000000004022565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab26707fa9da655a2021-12-22 12:45:08.446root 11241100x80000000000000004022566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074633fcfcf21022021-12-22 12:45:08.446root 11241100x80000000000000004022567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eaad2fab25ba172021-12-22 12:45:08.446root 11241100x80000000000000004022568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda67299df782d692021-12-22 12:45:08.446root 11241100x80000000000000004022569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed016f226c446242021-12-22 12:45:08.447root 11241100x80000000000000004022570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c37a0ab61f789462021-12-22 12:45:08.447root 11241100x80000000000000004022571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667df2bb091c2eaa2021-12-22 12:45:08.447root 11241100x80000000000000004022572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f184393192b68c92021-12-22 12:45:08.447root 11241100x80000000000000004022573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a68ac6dbe09dec2021-12-22 12:45:08.448root 11241100x80000000000000004022574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fdfd3d6337dd202021-12-22 12:45:08.448root 11241100x80000000000000004022575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff0b84ac9cf06d2021-12-22 12:45:08.448root 11241100x80000000000000004022576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b8d2f65f865a982021-12-22 12:45:08.448root 11241100x80000000000000004022577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879a621accdf1f72021-12-22 12:45:08.449root 11241100x80000000000000004022578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3e23a860f69332021-12-22 12:45:08.449root 11241100x80000000000000004022579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4faacc3c263f452021-12-22 12:45:08.449root 11241100x80000000000000004022580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e570133860253b2021-12-22 12:45:08.449root 11241100x80000000000000004022581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c5a097659ee60e2021-12-22 12:45:08.449root 11241100x80000000000000004022582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7a1c43235237c2021-12-22 12:45:08.450root 11241100x80000000000000004022583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d287e93ae1da9d5c2021-12-22 12:45:08.450root 11241100x80000000000000004022584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b748775b622b221f2021-12-22 12:45:08.450root 11241100x80000000000000004022585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676866c07b7407542021-12-22 12:45:08.450root 11241100x80000000000000004022586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bfa3f10ed8173a2021-12-22 12:45:08.451root 11241100x80000000000000004022587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6297e9915f92f5352021-12-22 12:45:08.451root 11241100x80000000000000004022588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3dc362d9c5bc6f2021-12-22 12:45:08.451root 11241100x80000000000000004022589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc53cc907bd48dbf2021-12-22 12:45:08.451root 11241100x80000000000000004022590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ca48b3d6635b62021-12-22 12:45:08.452root 11241100x80000000000000004022591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8fd5dc2697f5f52021-12-22 12:45:08.452root 11241100x80000000000000004022592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b791c7b941135672021-12-22 12:45:08.452root 11241100x80000000000000004022593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaab8c0877922452021-12-22 12:45:08.452root 11241100x80000000000000004022594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66888fb4c56ca7f42021-12-22 12:45:08.452root 11241100x80000000000000004022595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03066c0ff4447ab22021-12-22 12:45:08.453root 11241100x80000000000000004022596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59724957d5d83d9a2021-12-22 12:45:08.453root 11241100x80000000000000004022597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244353f1747c5f992021-12-22 12:45:08.453root 11241100x80000000000000004022598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f2214e54c2e8c02021-12-22 12:45:08.453root 11241100x80000000000000004022599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ff44fad8faa3b2021-12-22 12:45:08.454root 11241100x80000000000000004022600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bf8d27b37c9fb2021-12-22 12:45:08.454root 11241100x80000000000000004022601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e499336463456472021-12-22 12:45:08.454root 11241100x80000000000000004022602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231e00b9e6ed49732021-12-22 12:45:08.454root 11241100x80000000000000004022603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248836df58dff1302021-12-22 12:45:08.454root 11241100x80000000000000004022604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb5963da8716022021-12-22 12:45:08.455root 11241100x80000000000000004022605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bacff65e1a7b9fd2021-12-22 12:45:08.455root 11241100x80000000000000004022606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c99be039b35cc52021-12-22 12:45:08.455root 11241100x80000000000000004022607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee173c9b18f75772021-12-22 12:45:08.455root 11241100x80000000000000004022608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06241dee9afdcfa2021-12-22 12:45:08.456root 11241100x80000000000000004022609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f44a9cbf6097422021-12-22 12:45:08.457root 11241100x80000000000000004022610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad345268e5ce67c2021-12-22 12:45:08.460root 11241100x80000000000000004022611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90d08e4ed87aa362021-12-22 12:45:08.460root 11241100x80000000000000004022612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd4d2a6e4bf0ea12021-12-22 12:45:08.460root 11241100x80000000000000004022613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d728e49aaf6cae22021-12-22 12:45:08.460root 11241100x80000000000000004022614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe767b3ef141782021-12-22 12:45:08.461root 11241100x80000000000000004022615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cfe016833468da2021-12-22 12:45:08.461root 11241100x80000000000000004022616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bc6bf5d68ffd772021-12-22 12:45:08.461root 11241100x80000000000000004022617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f153ea420e258d962021-12-22 12:45:08.462root 11241100x80000000000000004022618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c06cb2144f3a12021-12-22 12:45:08.462root 11241100x80000000000000004022619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a9b90552a561d72021-12-22 12:45:08.462root 11241100x80000000000000004022620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf79420b0f728b2021-12-22 12:45:08.462root 11241100x80000000000000004022621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ce2a81d2ca0582021-12-22 12:45:08.463root 11241100x80000000000000004022622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652dfaf485729a4a2021-12-22 12:45:08.463root 11241100x80000000000000004022623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77ef6fb904559f2021-12-22 12:45:08.463root 11241100x80000000000000004022624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020499445d23b5e2021-12-22 12:45:08.463root 11241100x80000000000000004022625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f6b3be621162f2021-12-22 12:45:08.463root 11241100x80000000000000004022626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfed6bd91f3da3102021-12-22 12:45:08.463root 11241100x80000000000000004022627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86903797a8846662021-12-22 12:45:08.464root 11241100x80000000000000004022628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e018ab5a2f890752021-12-22 12:45:08.464root 11241100x80000000000000004022629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0e57256e935c12021-12-22 12:45:08.464root 11241100x80000000000000004022630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1ff85a9cb76b7f2021-12-22 12:45:08.465root 11241100x80000000000000004022631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad49887311ab0ab2021-12-22 12:45:08.465root 11241100x80000000000000004022632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b03e39ac52c1ec2021-12-22 12:45:08.465root 11241100x80000000000000004022633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac956881b695c52021-12-22 12:45:08.465root 11241100x80000000000000004022634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda491cf576f91762021-12-22 12:45:08.466root 11241100x80000000000000004022635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5796ea1d26d08f2021-12-22 12:45:08.466root 11241100x80000000000000004022636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b556361c5b7d26d2021-12-22 12:45:08.466root 11241100x80000000000000004022637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c5639cecce238d2021-12-22 12:45:08.466root 11241100x80000000000000004022638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48bb9dcb1eb08ba2021-12-22 12:45:08.466root 11241100x80000000000000004022639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc945656bc3c8b92021-12-22 12:45:08.467root 11241100x80000000000000004022640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf5ae724af263202021-12-22 12:45:08.467root 11241100x80000000000000004022641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad46178b82a22ef12021-12-22 12:45:08.467root 11241100x80000000000000004022642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d862c2f8e09e9e2021-12-22 12:45:08.467root 11241100x80000000000000004022643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972d1a0b36fd39382021-12-22 12:45:08.467root 11241100x80000000000000004022644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d96f7fb954d45cd2021-12-22 12:45:08.467root 11241100x80000000000000004022645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005d878aa0cc66362021-12-22 12:45:08.467root 11241100x80000000000000004022646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d558618d00614ba2021-12-22 12:45:08.468root 11241100x80000000000000004022647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd26923ff4cf9ec2021-12-22 12:45:08.468root 11241100x80000000000000004022648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4cf0a1dde7fcbe2021-12-22 12:45:08.468root 11241100x80000000000000004022649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc30c22fe42e6ea2021-12-22 12:45:08.468root 11241100x80000000000000004022650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5208a01520523e632021-12-22 12:45:08.468root 11241100x80000000000000004022651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a518492c5136142021-12-22 12:45:08.468root 11241100x80000000000000004022652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b70f64168b0a6d42021-12-22 12:45:08.469root 11241100x80000000000000004022653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d60cfcd1d5cd852021-12-22 12:45:08.469root 11241100x80000000000000004022654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ffa8e6c05e5182021-12-22 12:45:08.469root 11241100x80000000000000004022655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd287f99b98a52e2021-12-22 12:45:08.469root 11241100x80000000000000004022656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f13e1bd73233162021-12-22 12:45:08.469root 11241100x80000000000000004022657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d35a838d157c02021-12-22 12:45:08.471root 11241100x80000000000000004022658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29a4371505302d22021-12-22 12:45:08.471root 11241100x80000000000000004022659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a60d30b69840aa82021-12-22 12:45:08.472root 11241100x80000000000000004022660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65729626b93b9ec82021-12-22 12:45:08.472root 11241100x80000000000000004022661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27c5ffe612268c02021-12-22 12:45:08.472root 11241100x80000000000000004022662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df93d49e143f0e62021-12-22 12:45:08.473root 11241100x80000000000000004022663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7558315931356f162021-12-22 12:45:08.473root 11241100x80000000000000004022664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718076d912e81012021-12-22 12:45:08.473root 11241100x80000000000000004022665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014cb53356b9d5d2021-12-22 12:45:08.473root 11241100x80000000000000004022666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5823267761b567982021-12-22 12:45:08.473root 11241100x80000000000000004022667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77acf288cac428302021-12-22 12:45:08.475root 11241100x80000000000000004022668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7594c8bb9cf2abb2021-12-22 12:45:08.475root 11241100x80000000000000004022669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59799b89ffda55682021-12-22 12:45:08.478root 11241100x80000000000000004022670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e1f29ff81861642021-12-22 12:45:08.478root 11241100x80000000000000004022671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1162ccb917f237f2021-12-22 12:45:08.478root 11241100x80000000000000004022672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c30bff6f82fae62021-12-22 12:45:08.478root 11241100x80000000000000004022673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb60af832cab6d2021-12-22 12:45:08.478root 11241100x80000000000000004022674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b4b09433ff606c2021-12-22 12:45:08.478root 11241100x80000000000000004022675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7793cd367bf2ddb2021-12-22 12:45:08.480root 11241100x80000000000000004022676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbcb3406e02024b2021-12-22 12:45:08.480root 11241100x80000000000000004022677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5444f08f9d41a8b32021-12-22 12:45:08.480root 11241100x80000000000000004022678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec15e9ce7199e50c2021-12-22 12:45:08.480root 11241100x80000000000000004022679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd0450c61dc9e462021-12-22 12:45:08.480root 11241100x80000000000000004022680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c53ff249f5dc42021-12-22 12:45:08.480root 11241100x80000000000000004022681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53be96036dffc542021-12-22 12:45:08.480root 11241100x80000000000000004022682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b8d68cb235b022021-12-22 12:45:08.483root 11241100x80000000000000004022683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66707970c09fa3b2021-12-22 12:45:08.483root 11241100x80000000000000004022684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b93d2492bac8af2021-12-22 12:45:08.483root 11241100x80000000000000004022685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcc40aba1852bd2021-12-22 12:45:08.483root 11241100x80000000000000004022686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cd04e9cd06c9fa2021-12-22 12:45:08.483root 11241100x80000000000000004022687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e100c480294d62021-12-22 12:45:08.483root 11241100x80000000000000004022688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f893fdc6dd6088a22021-12-22 12:45:08.485root 11241100x80000000000000004022689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c9c67fdea87c72021-12-22 12:45:08.485root 11241100x80000000000000004022690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc866bfa3c807bff2021-12-22 12:45:08.485root 11241100x80000000000000004022691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df01462fd7064662021-12-22 12:45:08.485root 11241100x80000000000000004022692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e83c192a5244132021-12-22 12:45:08.487root 11241100x80000000000000004022693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a7a4b9beb568d72021-12-22 12:45:08.487root 11241100x80000000000000004022694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabdf5fcf75d0c4a2021-12-22 12:45:08.487root 11241100x80000000000000004022695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7bf590592a3f862021-12-22 12:45:08.488root 11241100x80000000000000004022696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56707db79c99732c2021-12-22 12:45:08.488root 11241100x80000000000000004022697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7436fd1ba7ad1b2021-12-22 12:45:08.488root 11241100x80000000000000004022698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8994d8ed461d1ad2021-12-22 12:45:08.488root 11241100x80000000000000004022699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c3a6ea4a1765212021-12-22 12:45:08.488root 11241100x80000000000000004022700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6badcafbbfde54e2021-12-22 12:45:08.488root 11241100x80000000000000004022701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c8e81bdd81f9562021-12-22 12:45:08.488root 11241100x80000000000000004022702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9e293224e41812021-12-22 12:45:08.488root 11241100x80000000000000004022703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f92c0d8a0dbef32021-12-22 12:45:08.488root 11241100x80000000000000004022704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6ef2c59be3c752021-12-22 12:45:08.488root 11241100x80000000000000004022705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86185743d5f8812021-12-22 12:45:08.488root 11241100x80000000000000004022706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d20db8f9548f8c2021-12-22 12:45:08.488root 11241100x80000000000000004022707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb20c78a3fc2423b2021-12-22 12:45:08.488root 11241100x80000000000000004022708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c326fdc36aef142021-12-22 12:45:08.488root 11241100x80000000000000004022709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16a07c2bfc8c8bb2021-12-22 12:45:08.488root 11241100x80000000000000004022710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a551552c567e292021-12-22 12:45:08.488root 11241100x80000000000000004022711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1241d4f641c66522021-12-22 12:45:08.489root 11241100x80000000000000004022712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d04368d33ca44452021-12-22 12:45:08.489root 11241100x80000000000000004022713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6d4340cff42882021-12-22 12:45:08.489root 11241100x80000000000000004022714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db609701cbbd0b92021-12-22 12:45:08.489root 11241100x80000000000000004022715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6e288b7bd6daa82021-12-22 12:45:08.490root 11241100x80000000000000004022716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c929369648930a92021-12-22 12:45:08.490root 11241100x80000000000000004022717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c33b87934a364652021-12-22 12:45:08.490root 11241100x80000000000000004022718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20f9b287885e9d02021-12-22 12:45:08.490root 11241100x80000000000000004022719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5bce25134e15d2021-12-22 12:45:08.490root 11241100x80000000000000004022720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4dc2e3f815b8c62021-12-22 12:45:08.490root 11241100x80000000000000004022721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacc3f8f238808b52021-12-22 12:45:08.490root 154100x80000000000000004022798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.895{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudo-----sudo rmmod rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004022799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.899{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoubuntuudptruefalse127.0.0.1-45378-false127.0.0.53-53- 354300x80000000000000004022800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-50476-false10.0.0.2-53- 354300x80000000000000004022801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39006-false10.0.0.2-53- 354300x80000000000000004022802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45378- 354300x80000000000000004022803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36944- 354300x80000000000000004022804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoubuntuudptruefalse127.0.0.1-36944-false127.0.0.53-53- 154100x80000000000000004022805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.903{ec2b6afe-1dda-61c3-503d-6b341b560000}22720/bin/kmod-----rmmod rootkit/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudosudoubuntu 11241100x80000000000000004022806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.904{ec2b6afe-9233-61c1-b8ed-5a3378550000}473/lib/systemd/systemd-udevd/run/udev/queue2021-12-22 12:45:14.904root 23542300x80000000000000004022807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.913{ec2b6afe-9233-61c1-b8ed-5a3378550000}473root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000004022808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.915{ec2b6afe-1dda-61c3-503d-6b341b560000}22720/bin/kmodroot 534500x80000000000000004022809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.915{00000000-0000-0000-0000-000000000000}22721<unknown process>root 534500x80000000000000004022810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.916{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoroot 11241100x80000000000000004022811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a698ae4f111cdc2021-12-22 12:45:15.193root 11241100x80000000000000004022812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7322aaf89ff50842021-12-22 12:45:15.193root 11241100x80000000000000004022813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ab1287f2b049972021-12-22 12:45:15.193root 11241100x80000000000000004022814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5bae118a9735a02021-12-22 12:45:15.194root 11241100x80000000000000004022815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f7d837a03e71b2021-12-22 12:45:15.194root 11241100x80000000000000004022816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992e3934d0a654242021-12-22 12:45:15.194root 11241100x80000000000000004022817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d997a1071623922021-12-22 12:45:15.195root 11241100x80000000000000004022818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1106d7dd6c501dd2021-12-22 12:45:15.195root 11241100x80000000000000004022819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48943599a6be0f872021-12-22 12:45:15.195root 11241100x80000000000000004022820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f5a7806d5ec6c2021-12-22 12:45:15.196root 11241100x80000000000000004022821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bfa16942cf6db92021-12-22 12:45:15.196root 11241100x80000000000000004022822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3d29f5d41212072021-12-22 12:45:15.196root 11241100x80000000000000004022823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde6412c17b3f7302021-12-22 12:45:15.196root 11241100x80000000000000004022824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38c891d7982f452021-12-22 12:45:15.692root 11241100x80000000000000004022825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b72a4bb952dc2ac2021-12-22 12:45:15.693root 11241100x80000000000000004022826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657200b535dbdf052021-12-22 12:45:15.693root 11241100x80000000000000004022827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3d1c2bbc52d0072021-12-22 12:45:15.693root 11241100x80000000000000004022828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69b37862d66d08f2021-12-22 12:45:15.693root 11241100x80000000000000004022829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60d222eaa86b1882021-12-22 12:45:15.693root 11241100x80000000000000004022830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af83cb8dcb8cbe822021-12-22 12:45:15.694root 11241100x80000000000000004022831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a01eec42b03d62021-12-22 12:45:15.694root 11241100x80000000000000004022832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a06f1fb8752392021-12-22 12:45:15.694root 11241100x80000000000000004022833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9102be35e7deba512021-12-22 12:45:15.694root 11241100x80000000000000004022834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077a325dd3af48f82021-12-22 12:45:15.694root 11241100x80000000000000004022835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1afe6173e5bfde2021-12-22 12:45:15.694root 11241100x80000000000000004022836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001dcb601916d3852021-12-22 12:45:15.694root 11241100x80000000000000004022837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beaf9deb783cf282021-12-22 12:45:16.193root 11241100x80000000000000004022838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f123ad5c6a2b3c2021-12-22 12:45:16.193root 11241100x80000000000000004022839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bb65957ed601722021-12-22 12:45:16.193root 11241100x80000000000000004022840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cede18549359872021-12-22 12:45:16.193root 11241100x80000000000000004022841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a61f99d8867412021-12-22 12:45:16.194root 11241100x80000000000000004022842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c256a9e641cd692021-12-22 12:45:16.194root 11241100x80000000000000004022843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99130e4f5dfb0632021-12-22 12:45:16.194root 11241100x80000000000000004022844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a5d6da1ce490462021-12-22 12:45:16.194root 11241100x80000000000000004022845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c7bae8bd0eb63c2021-12-22 12:45:16.194root 11241100x80000000000000004022846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d361bbd60dc8de2e2021-12-22 12:45:16.194root 11241100x80000000000000004022847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f489edb7c843fa5e2021-12-22 12:45:16.194root 11241100x80000000000000004022848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351e22a3c08d5c92021-12-22 12:45:16.195root 11241100x80000000000000004022849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29ac0eea098dc1d2021-12-22 12:45:16.195root 11241100x80000000000000004022850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a632a9becc301bb2021-12-22 12:45:16.693root 11241100x80000000000000004022851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615111bf86d065a42021-12-22 12:45:16.693root 11241100x80000000000000004022852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdd6948d8fbefac2021-12-22 12:45:16.693root 11241100x80000000000000004022853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc8a592611cc8752021-12-22 12:45:16.693root 11241100x80000000000000004022854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9333a4a849defd102021-12-22 12:45:16.694root 11241100x80000000000000004022855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604fbfc740b18fe22021-12-22 12:45:16.694root 11241100x80000000000000004022856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8cd5e5b5fea42a2021-12-22 12:45:16.694root 11241100x80000000000000004022857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0127b3d0f6749432021-12-22 12:45:16.694root 11241100x80000000000000004022858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75919a312598a3862021-12-22 12:45:16.694root 11241100x80000000000000004022859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb25df84e26564f42021-12-22 12:45:16.694root 11241100x80000000000000004022860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc21910aeaa21202021-12-22 12:45:16.694root 11241100x80000000000000004022861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568faaf93f1a4dc42021-12-22 12:45:16.695root 11241100x80000000000000004022862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169ec27d4023a2a62021-12-22 12:45:16.695root 354300x80000000000000004022863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.130{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56858-false10.0.1.12-8000- 11241100x80000000000000004022864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757448a116c00d5d2021-12-22 12:45:17.130root 11241100x80000000000000004022865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8ae41513788022021-12-22 12:45:17.130root 11241100x80000000000000004022866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b828e80286070d2021-12-22 12:45:17.131root 11241100x80000000000000004022867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff22a469e2fd372021-12-22 12:45:17.131root 11241100x80000000000000004022868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130723df941b3b72021-12-22 12:45:17.131root 11241100x80000000000000004022869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c51d093fa0ca9b02021-12-22 12:45:17.131root 11241100x80000000000000004022870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e8098e526324232021-12-22 12:45:17.131root 11241100x80000000000000004022871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c09c32a65570732021-12-22 12:45:17.131root 11241100x80000000000000004022872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35349fd42b44e05d2021-12-22 12:45:17.131root 11241100x80000000000000004022873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab95eb1fec145b482021-12-22 12:45:17.131root 11241100x80000000000000004022874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5a782076d73fb2021-12-22 12:45:17.132root 11241100x80000000000000004022875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb0f18708594ab2021-12-22 12:45:17.132root 11241100x80000000000000004022876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062ccd7cd7c10be32021-12-22 12:45:17.132root 11241100x80000000000000004022877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb25150179cf2d2021-12-22 12:45:17.132root 11241100x80000000000000004022878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f5989cf05e11382021-12-22 12:45:17.443root 11241100x80000000000000004022879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fed1786560e8082021-12-22 12:45:17.443root 11241100x80000000000000004022880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d1b766e252ae62021-12-22 12:45:17.443root 11241100x80000000000000004022881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d40a1e9865eb9a22021-12-22 12:45:17.443root 11241100x80000000000000004022882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c67440da2de5572021-12-22 12:45:17.443root 11241100x80000000000000004022883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0959f653a7cb18ca2021-12-22 12:45:17.444root 11241100x80000000000000004022884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996a1a18aa46ca6a2021-12-22 12:45:17.444root 11241100x80000000000000004022885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca40dcb7de5f842021-12-22 12:45:17.444root 11241100x80000000000000004022886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe03b27b7210262021-12-22 12:45:17.444root 11241100x80000000000000004022887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dff7e5a1b3aa41f2021-12-22 12:45:17.444root 11241100x80000000000000004022888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942004a089e8c8602021-12-22 12:45:17.444root 11241100x80000000000000004022889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123fb33a5e7b5172021-12-22 12:45:17.444root 11241100x80000000000000004022890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c7eed54438c83a2021-12-22 12:45:17.444root 11241100x80000000000000004022891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba556ab67f0d0db42021-12-22 12:45:17.444root 11241100x80000000000000004022892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae9186fac0fe6c62021-12-22 12:45:17.943root 11241100x80000000000000004022893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af29912cea618302021-12-22 12:45:17.943root 11241100x80000000000000004022894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e954b4522e2569a2021-12-22 12:45:17.943root 11241100x80000000000000004022895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fac97a4dbdb8022021-12-22 12:45:17.943root 11241100x80000000000000004022896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ba48fa8a55bbfb2021-12-22 12:45:17.943root 11241100x80000000000000004022897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f8e818941f4c2021-12-22 12:45:17.944root 11241100x80000000000000004022898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b50e75c686e3782021-12-22 12:45:17.944root 11241100x80000000000000004022899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a99a1f7b065a0a2021-12-22 12:45:17.944root 11241100x80000000000000004022900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f162f0df43bacb0e2021-12-22 12:45:17.944root 11241100x80000000000000004022901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7ad35259d0fa62021-12-22 12:45:17.944root 11241100x80000000000000004022902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ba5aad61118d62021-12-22 12:45:17.944root 11241100x80000000000000004022903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8ca86e9d811992021-12-22 12:45:17.945root 11241100x80000000000000004022904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946662bacdbb13962021-12-22 12:45:17.945root 11241100x80000000000000004022905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8623be471b76ebc12021-12-22 12:45:17.945root 11241100x80000000000000004022906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf4d10f9635dcf32021-12-22 12:45:18.443root 11241100x80000000000000004022907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194c613f273d16a2021-12-22 12:45:18.443root 11241100x80000000000000004022908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9d0da3eebd48952021-12-22 12:45:18.443root 11241100x80000000000000004022909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65335ea6f46f432b2021-12-22 12:45:18.443root 11241100x80000000000000004022910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd6025bc16628eb2021-12-22 12:45:18.443root 11241100x80000000000000004022911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e06c04245ad4692021-12-22 12:45:18.443root 11241100x80000000000000004022912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f1eba93ee27582021-12-22 12:45:18.443root 11241100x80000000000000004022913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8547b68af45064fd2021-12-22 12:45:18.443root 11241100x80000000000000004022914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be182a9980c04dce2021-12-22 12:45:18.444root 11241100x80000000000000004022915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6758e999bb79ce2021-12-22 12:45:18.444root 11241100x80000000000000004022916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97e211ccdd50102021-12-22 12:45:18.444root 11241100x80000000000000004022917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c087a70d9e47a2021-12-22 12:45:18.444root 11241100x80000000000000004022918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dc8063225e2a952021-12-22 12:45:18.444root 11241100x80000000000000004022919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee80d4ab4d7f4d42021-12-22 12:45:18.444root 11241100x80000000000000004022920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eafaae0f20fe9f2021-12-22 12:45:18.943root 11241100x80000000000000004022921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a63fac1c4d66fe2021-12-22 12:45:18.943root 11241100x80000000000000004022922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb6c059296fbc392021-12-22 12:45:18.943root 11241100x80000000000000004022923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02da5ed3f86518842021-12-22 12:45:18.943root 11241100x80000000000000004022924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfbe46b0e98b6002021-12-22 12:45:18.944root 11241100x80000000000000004022925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16a7b6d99e1acf2021-12-22 12:45:18.944root 11241100x80000000000000004022926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e025fbffc2df4bb2021-12-22 12:45:18.944root 11241100x80000000000000004022927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee8645d5be33ace2021-12-22 12:45:18.944root 11241100x80000000000000004022928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b383c48d6af5e0032021-12-22 12:45:18.944root 11241100x80000000000000004022929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b6186d7dc72192021-12-22 12:45:18.945root 11241100x80000000000000004022930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae27ac55f7d60a92021-12-22 12:45:18.945root 11241100x80000000000000004022931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00453331e55cb72021-12-22 12:45:18.945root 11241100x80000000000000004022932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b89449335948f3a2021-12-22 12:45:18.945root 11241100x80000000000000004022933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4293d10be42bf0a2021-12-22 12:45:18.945root 11241100x80000000000000004022934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c0ee9a7b3fdec42021-12-22 12:45:19.443root 11241100x80000000000000004022935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4af448482337a2021-12-22 12:45:19.443root 11241100x80000000000000004022936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e484efd3207c7dae2021-12-22 12:45:19.443root 11241100x80000000000000004022937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ecd6927f883a2f2021-12-22 12:45:19.443root 11241100x80000000000000004022938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5427a5835b99d7d62021-12-22 12:45:19.443root 11241100x80000000000000004022939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2572efbcbfdd24302021-12-22 12:45:19.443root 11241100x80000000000000004022940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66291a1171f743f72021-12-22 12:45:19.444root 11241100x80000000000000004022941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea04094d5a9b7f82021-12-22 12:45:19.444root 11241100x80000000000000004022942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1f073510eefe82021-12-22 12:45:19.444root 11241100x80000000000000004022943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45e777051b4039c2021-12-22 12:45:19.444root 11241100x80000000000000004022944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a6eb056662b6df2021-12-22 12:45:19.444root 11241100x80000000000000004022945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37e3de6f15218002021-12-22 12:45:19.444root 11241100x80000000000000004022946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67763d818375c43e2021-12-22 12:45:19.445root 11241100x80000000000000004022947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60d9d91b069148a2021-12-22 12:45:19.445root 11241100x80000000000000004022948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eb4a03357a91162021-12-22 12:45:19.943root 11241100x80000000000000004022949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fddbbb7f57fb472021-12-22 12:45:19.943root 11241100x80000000000000004022950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4feca7030ed2ff82021-12-22 12:45:19.943root 11241100x80000000000000004022951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179fb11df0f365522021-12-22 12:45:19.943root 11241100x80000000000000004022952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebda5c6d8b616ae2021-12-22 12:45:19.943root 11241100x80000000000000004022953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70460b14e526bc2021-12-22 12:45:19.943root 11241100x80000000000000004022954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51db5e66e3aa0c4e2021-12-22 12:45:19.943root 11241100x80000000000000004022955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcc3a14b2e2d5bc2021-12-22 12:45:19.943root 11241100x80000000000000004022956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965cb97c8fd46e42021-12-22 12:45:19.944root 11241100x80000000000000004022957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52e6d344973adcf2021-12-22 12:45:19.944root 11241100x80000000000000004022958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1808cc740df6d2992021-12-22 12:45:19.944root 11241100x80000000000000004022959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355a739ea17234af2021-12-22 12:45:19.944root 11241100x80000000000000004022960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5c5083f47a50e62021-12-22 12:45:19.944root 11241100x80000000000000004022961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7671c22a13de9322021-12-22 12:45:19.944root 11241100x80000000000000004022962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1d3f3402485892021-12-22 12:45:20.442root 11241100x80000000000000004022963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb0e1f2036a080a2021-12-22 12:45:20.443root 11241100x80000000000000004022964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a530f92b408102021-12-22 12:45:20.443root 11241100x80000000000000004022965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359f401c837dddaf2021-12-22 12:45:20.443root 11241100x80000000000000004022966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266fe0b635d8514d2021-12-22 12:45:20.443root 11241100x80000000000000004022967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f76e93b30a5af82021-12-22 12:45:20.443root 11241100x80000000000000004022968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f32bd859412fc2021-12-22 12:45:20.443root 11241100x80000000000000004022969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba6df439213efa2021-12-22 12:45:20.444root 11241100x80000000000000004022970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac8cdc3455d17002021-12-22 12:45:20.444root 11241100x80000000000000004022971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2419270d802a59902021-12-22 12:45:20.444root 11241100x80000000000000004022972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f987247df4555f12021-12-22 12:45:20.444root 11241100x80000000000000004022973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30654251e8b263aa2021-12-22 12:45:20.444root 11241100x80000000000000004022974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d22f2fbe7f5cc42021-12-22 12:45:20.445root 11241100x80000000000000004022975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c7795aa52f11e12021-12-22 12:45:20.445root 11241100x80000000000000004022976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01c770a901a1ca92021-12-22 12:45:20.943root 11241100x80000000000000004022977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4814ac06d45294d52021-12-22 12:45:20.943root 11241100x80000000000000004022978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee119643882d80de2021-12-22 12:45:20.943root 11241100x80000000000000004022979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51ec40312b0f72f2021-12-22 12:45:20.943root 11241100x80000000000000004022980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1b76a31431f162021-12-22 12:45:20.944root 11241100x80000000000000004022981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd3bd4a563467902021-12-22 12:45:20.944root 11241100x80000000000000004022982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec532c55c6b8312021-12-22 12:45:20.944root 11241100x80000000000000004022983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79da9599f4cc2ab2021-12-22 12:45:20.944root 11241100x80000000000000004022984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31874d7d664cf16b2021-12-22 12:45:20.944root 11241100x80000000000000004022985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbe9616db3599042021-12-22 12:45:20.944root 11241100x80000000000000004022986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f51775dcd516dd2021-12-22 12:45:20.944root 11241100x80000000000000004022987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ead612add60ba2021-12-22 12:45:20.944root 11241100x80000000000000004022988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6474617446d131422021-12-22 12:45:20.945root 11241100x80000000000000004022989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c125296199f0feec2021-12-22 12:45:20.945root 11241100x80000000000000004022990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02d4fde24b78eaa2021-12-22 12:45:20.945root 11241100x80000000000000004022991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f3abb1d651deaa2021-12-22 12:45:21.443root 11241100x80000000000000004022992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6432bfbe9d8fa5c2021-12-22 12:45:21.443root 11241100x80000000000000004022993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b106fa42cf9ffdd2021-12-22 12:45:21.443root 11241100x80000000000000004022994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db34f12ae74fc5e2021-12-22 12:45:21.443root 11241100x80000000000000004022995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3120940926d1d342021-12-22 12:45:21.444root 11241100x80000000000000004022996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5790fbbfa39524bf2021-12-22 12:45:21.444root 11241100x80000000000000004022997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6f68d022f6b8912021-12-22 12:45:21.444root 11241100x80000000000000004022998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd48279339aa7d82021-12-22 12:45:21.444root 11241100x80000000000000004022999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03138735a77a9ae52021-12-22 12:45:21.444root 11241100x80000000000000004023000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea86e2b60c10d222021-12-22 12:45:21.444root 11241100x80000000000000004023001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f516e1e8915e8532021-12-22 12:45:21.444root 11241100x80000000000000004023002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611792dd2355e58e2021-12-22 12:45:21.444root 11241100x80000000000000004023003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5933511f8f598b2021-12-22 12:45:21.444root 11241100x80000000000000004023004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f9f0b38197424d2021-12-22 12:45:21.444root 11241100x80000000000000004023005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81d4049c62871e2021-12-22 12:45:21.943root 11241100x80000000000000004023006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7624fcba4e067a882021-12-22 12:45:21.943root 11241100x80000000000000004023007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12ab8fe0252e55f2021-12-22 12:45:21.943root 11241100x80000000000000004023008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d839dbc24050aa932021-12-22 12:45:21.943root 11241100x80000000000000004023009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d4a8103f821862021-12-22 12:45:21.943root 11241100x80000000000000004023010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7817e2fae085fbc2021-12-22 12:45:21.943root 11241100x80000000000000004023011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc419eb91be23bf2021-12-22 12:45:21.944root 11241100x80000000000000004023012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e616fcfaa190ea192021-12-22 12:45:21.944root 11241100x80000000000000004023013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336a4982770c73c02021-12-22 12:45:21.944root 11241100x80000000000000004023014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a1a5cbb82d97402021-12-22 12:45:21.944root 11241100x80000000000000004023015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee73363d2364982021-12-22 12:45:21.944root 11241100x80000000000000004023016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c749d6c98b80f2021-12-22 12:45:21.944root 11241100x80000000000000004023017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fe2df297287d252021-12-22 12:45:21.944root 11241100x80000000000000004023018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e15579d25c18e2021-12-22 12:45:21.944root 11241100x80000000000000004023019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5800f8522c621a3e2021-12-22 12:45:22.443root 11241100x80000000000000004023020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b76694625e227782021-12-22 12:45:22.443root 11241100x80000000000000004023021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3ca2abbfdbb4e2021-12-22 12:45:22.443root 11241100x80000000000000004023022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdb99f08b2ab70f2021-12-22 12:45:22.443root 11241100x80000000000000004023023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc1965f5abeafc2021-12-22 12:45:22.443root 11241100x80000000000000004023024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ccd192e7e0a782021-12-22 12:45:22.444root 11241100x80000000000000004023025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6971e5470b79a92021-12-22 12:45:22.444root 11241100x80000000000000004023026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929761e4e800e892021-12-22 12:45:22.444root 11241100x80000000000000004023027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f698f9a20be78ac2021-12-22 12:45:22.444root 11241100x80000000000000004023028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7312f368286d5dc42021-12-22 12:45:22.444root 11241100x80000000000000004023029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2432c5bc3e6983e52021-12-22 12:45:22.444root 11241100x80000000000000004023030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966708681f36f122021-12-22 12:45:22.445root 11241100x80000000000000004023031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5cdbdd51458322021-12-22 12:45:22.445root 11241100x80000000000000004023032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dc95c2268938a02021-12-22 12:45:22.445root 11241100x80000000000000004023033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cf278a8556abb32021-12-22 12:45:22.943root 11241100x80000000000000004023034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a047ff1acd810172021-12-22 12:45:22.943root 11241100x80000000000000004023035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49dc1f2cca73a12021-12-22 12:45:22.943root 11241100x80000000000000004023036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9648bb43709ae452021-12-22 12:45:22.943root 11241100x80000000000000004023037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a4df52e313b912021-12-22 12:45:22.944root 11241100x80000000000000004023038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec47da9dfd0f0f52021-12-22 12:45:22.944root 11241100x80000000000000004023039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aaf42b155150fa2021-12-22 12:45:22.944root 11241100x80000000000000004023040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76cde1721286dfd2021-12-22 12:45:22.944root 11241100x80000000000000004023041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5b5f0c989b9ec62021-12-22 12:45:22.944root 11241100x80000000000000004023042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a23e31b286d0e22021-12-22 12:45:22.944root 11241100x80000000000000004023043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa76eb72a9286e112021-12-22 12:45:22.944root 11241100x80000000000000004023044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be43d51348af635d2021-12-22 12:45:22.945root 11241100x80000000000000004023045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a96b0df95a70542021-12-22 12:45:22.945root 11241100x80000000000000004023046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d0591bcb7950db2021-12-22 12:45:22.945root 354300x80000000000000004023047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.019{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56860-false10.0.1.12-8000- 11241100x80000000000000004023048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4b5305fb3b9d62021-12-22 12:45:23.443root 11241100x80000000000000004023049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05d5d7862d10cdc2021-12-22 12:45:23.443root 11241100x80000000000000004023050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8d3295c2c92d942021-12-22 12:45:23.443root 11241100x80000000000000004023051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606360269d96024b2021-12-22 12:45:23.443root 11241100x80000000000000004023052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a8c23b86c0fa0b2021-12-22 12:45:23.444root 11241100x80000000000000004023053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bdd2d22d9a0c242021-12-22 12:45:23.444root 11241100x80000000000000004023054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da01c0f15d1c1d82021-12-22 12:45:23.444root 11241100x80000000000000004023055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae70a250d6b852ad2021-12-22 12:45:23.444root 11241100x80000000000000004023056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d537447ef4a3d3e2021-12-22 12:45:23.444root 11241100x80000000000000004023057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56bdfe5d42126d92021-12-22 12:45:23.444root 11241100x80000000000000004023058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc444eb15c27c8e22021-12-22 12:45:23.444root 11241100x80000000000000004023059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c09c9bbd7ca002021-12-22 12:45:23.444root 11241100x80000000000000004023060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac80302be6653aac2021-12-22 12:45:23.444root 11241100x80000000000000004023061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d43bd00ab993102021-12-22 12:45:23.444root 11241100x80000000000000004023062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df8f2eb29ef1b0a2021-12-22 12:45:23.444root 11241100x80000000000000004023063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db31f2aefe4728e62021-12-22 12:45:23.943root 11241100x80000000000000004023064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f74498ca2c96bac2021-12-22 12:45:23.943root 11241100x80000000000000004023065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538df601a8ebf3952021-12-22 12:45:23.943root 11241100x80000000000000004023066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd15a70e3423d902021-12-22 12:45:23.944root 11241100x80000000000000004023067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c638a5ce78e6f7772021-12-22 12:45:23.944root 11241100x80000000000000004023068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5667bd9b7ab42df62021-12-22 12:45:23.944root 11241100x80000000000000004023069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9682c50bbcd76872021-12-22 12:45:23.944root 11241100x80000000000000004023070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83430174df05c95e2021-12-22 12:45:23.944root 11241100x80000000000000004023071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b649a64f633372021-12-22 12:45:23.944root 11241100x80000000000000004023072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae3511f7cf55e72021-12-22 12:45:23.944root 11241100x80000000000000004023073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ce45fdf9eb4a62021-12-22 12:45:23.944root 11241100x80000000000000004023074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754be075527ea60a2021-12-22 12:45:23.944root 11241100x80000000000000004023075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e624df7f7ea2d6fa2021-12-22 12:45:23.944root 11241100x80000000000000004023076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2f99699c20e23f2021-12-22 12:45:23.944root 11241100x80000000000000004023077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1656c85192bc70822021-12-22 12:45:23.945root 11241100x80000000000000004023078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1762ffca9ed302021-12-22 12:45:24.443root 11241100x80000000000000004023079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2db942cc4cdb8dd2021-12-22 12:45:24.443root 11241100x80000000000000004023080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae7e9f5e93be5b62021-12-22 12:45:24.444root 11241100x80000000000000004023081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42162efe4039d8562021-12-22 12:45:24.444root 11241100x80000000000000004023082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac4abb4d1a48d882021-12-22 12:45:24.444root 11241100x80000000000000004023083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf96ec52397b2d2021-12-22 12:45:24.444root 11241100x80000000000000004023084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903de041648bb9d12021-12-22 12:45:24.445root 11241100x80000000000000004023085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93e7e9d30c39e72021-12-22 12:45:24.445root 11241100x80000000000000004023086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318bdaef254eb0a32021-12-22 12:45:24.445root 11241100x80000000000000004023087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fae7e6416495ccc2021-12-22 12:45:24.446root 11241100x80000000000000004023088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec59d635d9ed62962021-12-22 12:45:24.446root 11241100x80000000000000004023089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d20785ce87bc62021-12-22 12:45:24.446root 11241100x80000000000000004023090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33799db957d2f8472021-12-22 12:45:24.447root 11241100x80000000000000004023091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebfec352a5b55ad2021-12-22 12:45:24.447root 11241100x80000000000000004023092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b168a5929daeaf2021-12-22 12:45:24.447root 11241100x80000000000000004023093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adaf10a2472adbb2021-12-22 12:45:24.943root 11241100x80000000000000004023094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e050e194aa268f252021-12-22 12:45:24.945root 11241100x80000000000000004023095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0fda5c364e258e2021-12-22 12:45:24.946root 11241100x80000000000000004023096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38593a910232f57a2021-12-22 12:45:24.946root 11241100x80000000000000004023097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906c83b6376b289b2021-12-22 12:45:24.946root 11241100x80000000000000004023098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66fddd54517b0f42021-12-22 12:45:24.947root 11241100x80000000000000004023099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a01b99bc76c4002021-12-22 12:45:24.947root 11241100x80000000000000004023100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756a75a0844c8dd02021-12-22 12:45:24.947root 11241100x80000000000000004023101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6163ed22b5d2d60c2021-12-22 12:45:24.947root 11241100x80000000000000004023102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f87ae8c204f3632021-12-22 12:45:24.947root 11241100x80000000000000004023103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94e931ad5a7f342021-12-22 12:45:24.948root 11241100x80000000000000004023104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886a3222336641352021-12-22 12:45:24.948root 11241100x80000000000000004023105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956ca20374d45f442021-12-22 12:45:24.948root 11241100x80000000000000004023106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131cd9a36eb8c9c32021-12-22 12:45:24.948root 11241100x80000000000000004023107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88522203ab1760b42021-12-22 12:45:24.949root 534500x80000000000000004023108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.949{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 534500x80000000000000004023109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:24.973{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000004023110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d67d59dbeb7f6f2021-12-22 12:45:25.443root 11241100x80000000000000004023111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15209a934b37c09c2021-12-22 12:45:25.443root 11241100x80000000000000004023112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fba94ccdf306c72021-12-22 12:45:25.443root 11241100x80000000000000004023113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e69b3a0b003f0a2021-12-22 12:45:25.443root 11241100x80000000000000004023114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085af5c63c17856b2021-12-22 12:45:25.444root 11241100x80000000000000004023115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56cef89f74a2b322021-12-22 12:45:25.444root 11241100x80000000000000004023116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a3f0a40307dcde2021-12-22 12:45:25.444root 11241100x80000000000000004023117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66c0c5a3bbfebf72021-12-22 12:45:25.444root 11241100x80000000000000004023118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9346c900ea6bdb842021-12-22 12:45:25.444root 11241100x80000000000000004023119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeafba505d87eca2021-12-22 12:45:25.444root 11241100x80000000000000004023120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90015ec1d19f04a82021-12-22 12:45:25.444root 11241100x80000000000000004023121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a194a10b067ed2021-12-22 12:45:25.444root 11241100x80000000000000004023122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e129c67361f33fb22021-12-22 12:45:25.444root 11241100x80000000000000004023123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf6c9851de7a30b2021-12-22 12:45:25.444root 11241100x80000000000000004023124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38862a15581242902021-12-22 12:45:25.444root 11241100x80000000000000004023125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7ff068a64f30e2021-12-22 12:45:25.444root 11241100x80000000000000004023126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5888d21c027546f42021-12-22 12:45:25.444root 11241100x80000000000000004023127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e004c9894618852021-12-22 12:45:25.943root 11241100x80000000000000004023128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788c0f890e2a88ad2021-12-22 12:45:25.943root 11241100x80000000000000004023129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0da765128c19e392021-12-22 12:45:25.943root 11241100x80000000000000004023130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e76b8a6c873752021-12-22 12:45:25.943root 11241100x80000000000000004023131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb5d210c0e8df922021-12-22 12:45:25.943root 11241100x80000000000000004023132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ad31952c8067c82021-12-22 12:45:25.943root 11241100x80000000000000004023133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efd52b3f89644d62021-12-22 12:45:25.943root 11241100x80000000000000004023134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc58a774af891eb2021-12-22 12:45:25.943root 11241100x80000000000000004023135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890567cfaa879122021-12-22 12:45:25.944root 11241100x80000000000000004023136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f24a53d23bae672021-12-22 12:45:25.944root 11241100x80000000000000004023137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77020539668244e2021-12-22 12:45:25.944root 11241100x80000000000000004023138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a33987e311f9a2021-12-22 12:45:25.944root 11241100x80000000000000004023139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48433debcdb106572021-12-22 12:45:25.944root 11241100x80000000000000004023140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad1aa1a98547b942021-12-22 12:45:25.944root 11241100x80000000000000004023141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9950ef32b9f4e2021-12-22 12:45:25.944root 11241100x80000000000000004023142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796d2301ec008332021-12-22 12:45:25.944root 11241100x80000000000000004023143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0d4964f76758d12021-12-22 12:45:25.944root 11241100x80000000000000004023144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea6c1821e54d062021-12-22 12:45:26.443root 11241100x80000000000000004023145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a7f42075eca702021-12-22 12:45:26.443root 11241100x80000000000000004023146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aaae8c0c4d31902021-12-22 12:45:26.443root 11241100x80000000000000004023147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a384ba8bcf14eb552021-12-22 12:45:26.443root 11241100x80000000000000004023148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deab7f4498fdca12021-12-22 12:45:26.443root 11241100x80000000000000004023149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d248cf5be5ac062021-12-22 12:45:26.443root 11241100x80000000000000004023150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54596d2d0636906d2021-12-22 12:45:26.443root 11241100x80000000000000004023151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8392eb520f177082021-12-22 12:45:26.443root 11241100x80000000000000004023152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93454a6abfc881ac2021-12-22 12:45:26.443root 11241100x80000000000000004023153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9b695f1a93dd492021-12-22 12:45:26.444root 11241100x80000000000000004023154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885210d4bb1ac6f2021-12-22 12:45:26.444root 11241100x80000000000000004023155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0950049833e2e322021-12-22 12:45:26.444root 11241100x80000000000000004023156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9033b0242f489df2021-12-22 12:45:26.444root 11241100x80000000000000004023157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c8087f126f9de2021-12-22 12:45:26.444root 11241100x80000000000000004023158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6bcb93039899452021-12-22 12:45:26.444root 11241100x80000000000000004023159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82de85e9f0600f2021-12-22 12:45:26.444root 11241100x80000000000000004023160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58368bf09c5dbaf92021-12-22 12:45:26.444root 11241100x80000000000000004023161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89e582eae3973292021-12-22 12:45:26.445root 11241100x80000000000000004023162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a60d626758c65e02021-12-22 12:45:26.445root 11241100x80000000000000004023163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4b44d0286a1d982021-12-22 12:45:26.445root 11241100x80000000000000004023164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0477d703cc3105582021-12-22 12:45:26.445root 11241100x80000000000000004023165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4b43061e90e6942021-12-22 12:45:26.445root 11241100x80000000000000004023166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe90de084a9a53f2021-12-22 12:45:26.445root 11241100x80000000000000004023167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f1399ea8cb37202021-12-22 12:45:26.445root 11241100x80000000000000004023168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22bbc7c30d5cec2021-12-22 12:45:26.943root 11241100x80000000000000004023169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef7d72b04544eb2021-12-22 12:45:26.943root 11241100x80000000000000004023170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ab08a6938403962021-12-22 12:45:26.943root 11241100x80000000000000004023171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe612afb3b8d1a82021-12-22 12:45:26.943root 11241100x80000000000000004023172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85b01421521bb032021-12-22 12:45:26.944root 11241100x80000000000000004023173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b4d03f86b5cb9d2021-12-22 12:45:26.944root 11241100x80000000000000004023174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d7d056133a8ac52021-12-22 12:45:26.944root 11241100x80000000000000004023175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51dd17054c04acf2021-12-22 12:45:26.944root 11241100x80000000000000004023176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db38571976fbff3f2021-12-22 12:45:26.944root 11241100x80000000000000004023177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b459d10f8b225fd42021-12-22 12:45:26.944root 11241100x80000000000000004023178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30069d4198deb602021-12-22 12:45:26.945root 11241100x80000000000000004023179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc970d3c04cf7d6c2021-12-22 12:45:26.945root 11241100x80000000000000004023180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a85e7dc5a63fe3c2021-12-22 12:45:26.945root 11241100x80000000000000004023181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66bdb4e6c1509e42021-12-22 12:45:26.945root 11241100x80000000000000004023182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0705e205cf259e612021-12-22 12:45:26.945root 11241100x80000000000000004023183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf6aad4bdaf7ee02021-12-22 12:45:26.945root 11241100x80000000000000004023184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c34523de58bbc122021-12-22 12:45:26.945root 11241100x80000000000000004023185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ef1e5e9bf32d152021-12-22 12:45:27.443root 11241100x80000000000000004023186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c48d015816f7a472021-12-22 12:45:27.443root 11241100x80000000000000004023187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535d89a7ba8efad32021-12-22 12:45:27.443root 11241100x80000000000000004023188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6caecfa8ce823902021-12-22 12:45:27.443root 11241100x80000000000000004023189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737dfd0b84c01572021-12-22 12:45:27.443root 11241100x80000000000000004023190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e891a05d77db24e42021-12-22 12:45:27.444root 11241100x80000000000000004023191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006d907515d407022021-12-22 12:45:27.444root 11241100x80000000000000004023192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aaaf9535ccfffc2021-12-22 12:45:27.444root 11241100x80000000000000004023193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bca7e0fac0427262021-12-22 12:45:27.444root 11241100x80000000000000004023194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25694bb997a4a7c72021-12-22 12:45:27.444root 11241100x80000000000000004023195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc647483bf4fea752021-12-22 12:45:27.444root 11241100x80000000000000004023196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b6641f72f70b7e2021-12-22 12:45:27.444root 11241100x80000000000000004023197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5ff7815ff53c5f2021-12-22 12:45:27.444root 11241100x80000000000000004023198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737d5d7b11e9541e2021-12-22 12:45:27.444root 11241100x80000000000000004023199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b265f1dd63b618b92021-12-22 12:45:27.444root 11241100x80000000000000004023200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6149b931a923586a2021-12-22 12:45:27.445root 11241100x80000000000000004023201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e389f877a2081b42021-12-22 12:45:27.445root 11241100x80000000000000004023202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77540565279e3da02021-12-22 12:45:27.943root 11241100x80000000000000004023203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69dc60bec8e82ab2021-12-22 12:45:27.943root 11241100x80000000000000004023204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48410a0d311036f12021-12-22 12:45:27.943root 11241100x80000000000000004023205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ad6f1787c39842021-12-22 12:45:27.943root 11241100x80000000000000004023206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507e3b2a098365af2021-12-22 12:45:27.944root 11241100x80000000000000004023207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebe7606c5383362021-12-22 12:45:27.944root 11241100x80000000000000004023208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b150be2dd0ff6a2021-12-22 12:45:27.944root 11241100x80000000000000004023209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7a430374f57f02021-12-22 12:45:27.944root 11241100x80000000000000004023210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41978220b763e202021-12-22 12:45:27.944root 11241100x80000000000000004023211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeafbc8e3c4e5ba2021-12-22 12:45:27.944root 11241100x80000000000000004023212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84203d911c30605c2021-12-22 12:45:27.944root 11241100x80000000000000004023213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2ac5150c60a9e2021-12-22 12:45:27.945root 11241100x80000000000000004023214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a9f40b2a29ebd72021-12-22 12:45:27.945root 11241100x80000000000000004023215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ad059e2369eef02021-12-22 12:45:27.945root 11241100x80000000000000004023216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6219f2d1a0ab803d2021-12-22 12:45:27.945root 11241100x80000000000000004023217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0f63b89c1c7c42021-12-22 12:45:27.945root 11241100x80000000000000004023218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b8a234fe7331082021-12-22 12:45:27.945root 354300x80000000000000004023219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.020{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56862-false10.0.1.12-8000- 11241100x80000000000000004023220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d279a8643affd62021-12-22 12:45:28.443root 11241100x80000000000000004023221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b3cee3b07dde12021-12-22 12:45:28.443root 11241100x80000000000000004023222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993926647650fca82021-12-22 12:45:28.445root 11241100x80000000000000004023223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42339300cad183ee2021-12-22 12:45:28.445root 11241100x80000000000000004023224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3d4e9c1c66975c2021-12-22 12:45:28.446root 11241100x80000000000000004023225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00670d0abbd8c1f82021-12-22 12:45:28.446root 11241100x80000000000000004023226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38317ec63a55a0f42021-12-22 12:45:28.446root 11241100x80000000000000004023227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9682e5321351832021-12-22 12:45:28.446root 11241100x80000000000000004023228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbed42b7272cda72021-12-22 12:45:28.446root 11241100x80000000000000004023229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050bcf08cb4abcdb2021-12-22 12:45:28.447root 11241100x80000000000000004023230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0bd095816609cb2021-12-22 12:45:28.448root 11241100x80000000000000004023231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50721c91b9ab76d62021-12-22 12:45:28.448root 11241100x80000000000000004023232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc47b2187c61867e2021-12-22 12:45:28.448root 11241100x80000000000000004023233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343bc74abe8943792021-12-22 12:45:28.448root 11241100x80000000000000004023234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0e91304113aa122021-12-22 12:45:28.448root 11241100x80000000000000004023235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a695fb91924800e2021-12-22 12:45:28.449root 11241100x80000000000000004023236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ba7c5bb7ef042d2021-12-22 12:45:28.449root 11241100x80000000000000004023237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660a6763381776142021-12-22 12:45:28.449root 11241100x80000000000000004023238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6f610970cbc6a02021-12-22 12:45:28.943root 11241100x80000000000000004023239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425c82aa3176f4b2021-12-22 12:45:28.943root 11241100x80000000000000004023240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd535ef965cba52021-12-22 12:45:28.943root 11241100x80000000000000004023241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84715ceffd007d3f2021-12-22 12:45:28.943root 11241100x80000000000000004023242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a6c8cebdd91d472021-12-22 12:45:28.943root 11241100x80000000000000004023243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d1f7b1176546a2021-12-22 12:45:28.944root 11241100x80000000000000004023244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317d30c3146222212021-12-22 12:45:28.944root 11241100x80000000000000004023245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f100b39350e6242021-12-22 12:45:28.944root 11241100x80000000000000004023246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4285b08b8155800d2021-12-22 12:45:28.944root 11241100x80000000000000004023247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc33e16d49d908f2021-12-22 12:45:28.944root 11241100x80000000000000004023248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bbe0287c4dcbb92021-12-22 12:45:28.944root 11241100x80000000000000004023249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2d91c116ae4f692021-12-22 12:45:28.944root 11241100x80000000000000004023250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a83de6d622ace92021-12-22 12:45:28.944root 11241100x80000000000000004023251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45b7aeff46cbba2021-12-22 12:45:28.944root 11241100x80000000000000004023252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d8f8b950a4c43b2021-12-22 12:45:28.944root 11241100x80000000000000004023253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41033c87a3047e482021-12-22 12:45:28.944root 11241100x80000000000000004023254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5647186799bc850a2021-12-22 12:45:28.944root 11241100x80000000000000004023255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58325047949e7a02021-12-22 12:45:28.945root 154100x80000000000000004023256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.437{ec2b6afe-1de9-61c3-6834-d04dbe550000}22724/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004023257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995092a5f2f58252021-12-22 12:45:29.439root 11241100x80000000000000004023258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76856772e8ef6fac2021-12-22 12:45:29.439root 11241100x80000000000000004023259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c995dead1128e2021-12-22 12:45:29.439root 11241100x80000000000000004023260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27f25a4237c6ed2021-12-22 12:45:29.439root 11241100x80000000000000004023261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99516c023ff13fdf2021-12-22 12:45:29.439root 11241100x80000000000000004023262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd571c432660aaa2021-12-22 12:45:29.439root 11241100x80000000000000004023263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5431c3a5b6323fd72021-12-22 12:45:29.440root 11241100x80000000000000004023264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c720a3abc31062021-12-22 12:45:29.440root 11241100x80000000000000004023265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de8959f11ece9e92021-12-22 12:45:29.440root 11241100x80000000000000004023266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6744f1d58125ef02021-12-22 12:45:29.440root 11241100x80000000000000004023267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a69e21e43106a82021-12-22 12:45:29.440root 11241100x80000000000000004023268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89f8bf080ed3bfc2021-12-22 12:45:29.440root 11241100x80000000000000004023269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1469b41a8cb9282021-12-22 12:45:29.440root 11241100x80000000000000004023270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8fa0d3044f04d12021-12-22 12:45:29.440root 11241100x80000000000000004023271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca972d1f52ace8f2021-12-22 12:45:29.440root 11241100x80000000000000004023272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159cce418f75e3d82021-12-22 12:45:29.440root 11241100x80000000000000004023273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7e52ad0a4f0ed72021-12-22 12:45:29.441root 11241100x80000000000000004023274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf3276944fbdb6e2021-12-22 12:45:29.441root 11241100x80000000000000004023275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb188ec86f5d132021-12-22 12:45:29.441root 534500x80000000000000004023276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.448{ec2b6afe-1de9-61c3-6834-d04dbe550000}22724/bin/psroot 11241100x80000000000000004023277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625fff4ced67f1352021-12-22 12:45:29.692root 11241100x80000000000000004023278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636e8385548b5a862021-12-22 12:45:29.693root 11241100x80000000000000004023279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a30a4a63edef232021-12-22 12:45:29.693root 11241100x80000000000000004023280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55d5d133d4fbf262021-12-22 12:45:29.693root 11241100x80000000000000004023281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af32288499e537862021-12-22 12:45:29.693root 11241100x80000000000000004023282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0746f175cbccd3f2021-12-22 12:45:29.693root 11241100x80000000000000004023283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328309a1df4685a72021-12-22 12:45:29.694root 11241100x80000000000000004023284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7ad800734bc822021-12-22 12:45:29.694root 11241100x80000000000000004023285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d40200d816cbb62021-12-22 12:45:29.694root 11241100x80000000000000004023286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7186275c48dc2b2a2021-12-22 12:45:29.694root 11241100x80000000000000004023287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ef9832a00b2912021-12-22 12:45:29.695root 11241100x80000000000000004023288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f53386f0fe5b7142021-12-22 12:45:29.695root 11241100x80000000000000004023289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dd744b37f0158a2021-12-22 12:45:29.695root 11241100x80000000000000004023290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196940436f8af982021-12-22 12:45:29.696root 11241100x80000000000000004023291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce8b405023ceae02021-12-22 12:45:29.696root 11241100x80000000000000004023292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ee7ca3d332147e2021-12-22 12:45:29.696root 11241100x80000000000000004023293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1371f100f71406bd2021-12-22 12:45:29.696root 11241100x80000000000000004023294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197c8fce36e22b082021-12-22 12:45:29.697root 11241100x80000000000000004023295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77e10946dd9f38e2021-12-22 12:45:29.697root 11241100x80000000000000004023296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b164949beae6c2021-12-22 12:45:29.697root 11241100x80000000000000004023297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ea1bb5cfd01d5f2021-12-22 12:45:29.697root 11241100x80000000000000004023298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d0bf469b5e539d2021-12-22 12:45:29.698root 11241100x80000000000000004023299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d2beeb5b2a7472021-12-22 12:45:30.193root 11241100x80000000000000004023300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb5e555ef2de1d32021-12-22 12:45:30.193root 11241100x80000000000000004023301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5bd2cd46ce05742021-12-22 12:45:30.193root 11241100x80000000000000004023302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c726e3ed6274f2021-12-22 12:45:30.193root 11241100x80000000000000004023303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f889b309d1cba02021-12-22 12:45:30.194root 11241100x80000000000000004023304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f99fe26fb4f7822021-12-22 12:45:30.194root 11241100x80000000000000004023305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d029ec10dd0b6eff2021-12-22 12:45:30.194root 11241100x80000000000000004023306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3506b747a43651ab2021-12-22 12:45:30.194root 11241100x80000000000000004023307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92f50e612239162021-12-22 12:45:30.194root 11241100x80000000000000004023308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7add6c891019b2021-12-22 12:45:30.194root 11241100x80000000000000004023309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d758f5c52ad7bbd02021-12-22 12:45:30.194root 11241100x80000000000000004023310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf585793afceb5b2021-12-22 12:45:30.194root 11241100x80000000000000004023311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f260a9687a3a073e2021-12-22 12:45:30.194root 11241100x80000000000000004023312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b2aae2d9c77f8b2021-12-22 12:45:30.194root 11241100x80000000000000004023313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1ed02be9ebfce72021-12-22 12:45:30.194root 11241100x80000000000000004023314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fdc4cc9d7e46c22021-12-22 12:45:30.194root 11241100x80000000000000004023315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891e192128b725282021-12-22 12:45:30.194root 11241100x80000000000000004023316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249465b9c9bfb4f92021-12-22 12:45:30.194root 11241100x80000000000000004023317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f82fab40aede25d2021-12-22 12:45:30.194root 11241100x80000000000000004023318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e7544dc9e51b42021-12-22 12:45:30.194root 11241100x80000000000000004023319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827bbfa0f59ed5a32021-12-22 12:45:30.693root 11241100x80000000000000004023320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33710da050e836a2021-12-22 12:45:30.693root 11241100x80000000000000004023321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0884777fd99e6382021-12-22 12:45:30.694root 11241100x80000000000000004023322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8567f474aef787952021-12-22 12:45:30.694root 11241100x80000000000000004023323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd1292085e3b2472021-12-22 12:45:30.694root 11241100x80000000000000004023324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61284eddb1da87e2021-12-22 12:45:30.695root 11241100x80000000000000004023325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95be2165a361c2572021-12-22 12:45:30.695root 11241100x80000000000000004023326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24549f0b91400a0c2021-12-22 12:45:30.695root 11241100x80000000000000004023327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2257389f9cabaf412021-12-22 12:45:30.695root 11241100x80000000000000004023328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93509926989a712021-12-22 12:45:30.696root 11241100x80000000000000004023329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75b4c45e781f112021-12-22 12:45:30.696root 11241100x80000000000000004023330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c523ddfe4e00bf82021-12-22 12:45:30.696root 11241100x80000000000000004023331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d0183d6f1cad52021-12-22 12:45:30.697root 11241100x80000000000000004023332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d3fa792d406bd62021-12-22 12:45:30.697root 11241100x80000000000000004023333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a0f63b0c16f95a2021-12-22 12:45:30.697root 11241100x80000000000000004023334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b41fe6114b602112021-12-22 12:45:30.697root 11241100x80000000000000004023335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e14495ea9d12ef2021-12-22 12:45:30.698root 11241100x80000000000000004023336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bdbcc3b4791b852021-12-22 12:45:30.698root 11241100x80000000000000004023337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee25c7b2f9f4dc912021-12-22 12:45:30.698root 11241100x80000000000000004023338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6690ee87d974ce72021-12-22 12:45:30.698root 11241100x80000000000000004023339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f30f5e11188b8d2021-12-22 12:45:31.193root 11241100x80000000000000004023340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cf889b8e545c7f2021-12-22 12:45:31.193root 11241100x80000000000000004023341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc24d11e8da89322021-12-22 12:45:31.194root 11241100x80000000000000004023342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2030d5d498027a5b2021-12-22 12:45:31.194root 11241100x80000000000000004023343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f8806b563aec32021-12-22 12:45:31.194root 11241100x80000000000000004023344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2b51c4eb8c068f2021-12-22 12:45:31.194root 11241100x80000000000000004023345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6717fe5465ed8fb82021-12-22 12:45:31.195root 11241100x80000000000000004023346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb133b9231b4f82f2021-12-22 12:45:31.195root 11241100x80000000000000004023347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a95c10d8c333042021-12-22 12:45:31.195root 11241100x80000000000000004023348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ed4dca6a95c82f2021-12-22 12:45:31.195root 11241100x80000000000000004023349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee0a63621d047482021-12-22 12:45:31.196root 11241100x80000000000000004023350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56968a46d91e569a2021-12-22 12:45:31.196root 11241100x80000000000000004023351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4548a1657c50ffd42021-12-22 12:45:31.196root 11241100x80000000000000004023352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc5a099ce7f6772021-12-22 12:45:31.196root 11241100x80000000000000004023353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518bf72fdca642852021-12-22 12:45:31.197root 11241100x80000000000000004023354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017cb0d8238996862021-12-22 12:45:31.197root 11241100x80000000000000004023355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b8425e3df0c5a12021-12-22 12:45:31.197root 11241100x80000000000000004023356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f853ebd010c29c42021-12-22 12:45:31.198root 11241100x80000000000000004023357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6974d6ac6d87eb012021-12-22 12:45:31.198root 11241100x80000000000000004023358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e867486b3053152021-12-22 12:45:31.198root 11241100x80000000000000004023359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc463afa735c7bd92021-12-22 12:45:31.693root 11241100x80000000000000004023360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e244c0b6b944a152021-12-22 12:45:31.693root 11241100x80000000000000004023361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099625808b9d1e72021-12-22 12:45:31.693root 11241100x80000000000000004023362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cac3e254f365c92021-12-22 12:45:31.693root 11241100x80000000000000004023363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a994c2346b41f2021-12-22 12:45:31.694root 11241100x80000000000000004023364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ac0cfaf8d156a82021-12-22 12:45:31.694root 11241100x80000000000000004023365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb168bf22254ab2021-12-22 12:45:31.694root 11241100x80000000000000004023366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2273f72fbdbda6bb2021-12-22 12:45:31.694root 11241100x80000000000000004023367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb85a6ecb00f23c42021-12-22 12:45:31.694root 11241100x80000000000000004023368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2348379c567fb8092021-12-22 12:45:31.694root 11241100x80000000000000004023369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8cb64cce12697f2021-12-22 12:45:31.694root 11241100x80000000000000004023370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647d8299291c1b42021-12-22 12:45:31.694root 11241100x80000000000000004023371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b3ed430a14d0ce2021-12-22 12:45:31.695root 11241100x80000000000000004023372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19c17904af72f302021-12-22 12:45:31.695root 11241100x80000000000000004023373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e111a38f16d8bf2021-12-22 12:45:31.695root 11241100x80000000000000004023374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d0303d9aa3a2d72021-12-22 12:45:31.695root 11241100x80000000000000004023375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2052f946db02e42021-12-22 12:45:31.695root 11241100x80000000000000004023376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c67d2882820fc62021-12-22 12:45:31.695root 11241100x80000000000000004023377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fb43da0b9532902021-12-22 12:45:31.696root 11241100x80000000000000004023378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43791f5576d942382021-12-22 12:45:31.696root 11241100x80000000000000004023379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09418a8f124199652021-12-22 12:45:32.193root 11241100x80000000000000004023380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c48791034badc652021-12-22 12:45:32.193root 11241100x80000000000000004023381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3cdc0904ef28f02021-12-22 12:45:32.193root 11241100x80000000000000004023382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df008e5275a2c062021-12-22 12:45:32.194root 11241100x80000000000000004023383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0265b291f99d5c02021-12-22 12:45:32.194root 11241100x80000000000000004023384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340e1cd9d76e92372021-12-22 12:45:32.194root 11241100x80000000000000004023385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a196878864e8df92021-12-22 12:45:32.194root 11241100x80000000000000004023386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719e834af4a354a72021-12-22 12:45:32.194root 11241100x80000000000000004023387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55591e3edb5373412021-12-22 12:45:32.194root 11241100x80000000000000004023388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094a0538a1c5d492021-12-22 12:45:32.194root 11241100x80000000000000004023389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a7971b97ce3b442021-12-22 12:45:32.194root 11241100x80000000000000004023390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b786cbf1d0d3a6b2021-12-22 12:45:32.194root 11241100x80000000000000004023391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76838b00a869e4bf2021-12-22 12:45:32.194root 11241100x80000000000000004023392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8ca1f2b14ff352021-12-22 12:45:32.194root 11241100x80000000000000004023393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15567c2ed2c4887d2021-12-22 12:45:32.194root 11241100x80000000000000004023394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83833402106a09de2021-12-22 12:45:32.194root 11241100x80000000000000004023395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ffa518f3871d42021-12-22 12:45:32.195root 11241100x80000000000000004023396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00676ea5a5114e382021-12-22 12:45:32.195root 11241100x80000000000000004023397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6dd4a6de9f13852021-12-22 12:45:32.195root 11241100x80000000000000004023398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5dbb182a6190ef2021-12-22 12:45:32.195root 11241100x80000000000000004023399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce006f51a37e7b262021-12-22 12:45:32.692root 11241100x80000000000000004023400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef8795e3f93c5262021-12-22 12:45:32.693root 11241100x80000000000000004023401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f8fb39ea4439652021-12-22 12:45:32.693root 11241100x80000000000000004023402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6ef96afadec3ed2021-12-22 12:45:32.693root 11241100x80000000000000004023403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52d6402b3b00302021-12-22 12:45:32.693root 11241100x80000000000000004023404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf5059114ae7db82021-12-22 12:45:32.693root 11241100x80000000000000004023405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cfdb3bb79d59eb2021-12-22 12:45:32.694root 11241100x80000000000000004023406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726309b2a33f53892021-12-22 12:45:32.694root 11241100x80000000000000004023407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe107f433c96c5492021-12-22 12:45:32.694root 11241100x80000000000000004023408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a14a23ac881812021-12-22 12:45:32.694root 11241100x80000000000000004023409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ec8e1998b135762021-12-22 12:45:32.694root 11241100x80000000000000004023410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f8f61408fdb9a42021-12-22 12:45:32.694root 11241100x80000000000000004023411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99664a5e994632082021-12-22 12:45:32.695root 11241100x80000000000000004023412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a0fbb9968f9ef22021-12-22 12:45:32.695root 11241100x80000000000000004023413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a6e33c9eff0ad72021-12-22 12:45:32.695root 11241100x80000000000000004023414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd8aec9ff22073a2021-12-22 12:45:32.695root 11241100x80000000000000004023415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347680d1f24a4a892021-12-22 12:45:32.695root 11241100x80000000000000004023416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84124fe22d051cf22021-12-22 12:45:32.696root 11241100x80000000000000004023417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28f37f19a84f6b42021-12-22 12:45:32.696root 11241100x80000000000000004023418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f41a9d6703ce492021-12-22 12:45:32.696root 11241100x80000000000000004023419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d65f82e550e3e52021-12-22 12:45:32.696root 11241100x80000000000000004023420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9be186122fcb222021-12-22 12:45:32.696root 11241100x80000000000000004023421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879288d4f3e48afa2021-12-22 12:45:32.697root 354300x80000000000000004023422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.122{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56864-false10.0.1.12-8000- 11241100x80000000000000004023423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48e0e3243e772f12021-12-22 12:45:33.123root 11241100x80000000000000004023424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38ecdb277d1d562021-12-22 12:45:33.123root 11241100x80000000000000004023425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34edabe2d17be2d92021-12-22 12:45:33.123root 11241100x80000000000000004023426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe52b84588470862021-12-22 12:45:33.123root 11241100x80000000000000004023427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e308512d9b2189b62021-12-22 12:45:33.123root 11241100x80000000000000004023428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ec0752ea53bde42021-12-22 12:45:33.124root 11241100x80000000000000004023429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd83e7d9e4b49d62021-12-22 12:45:33.124root 11241100x80000000000000004023430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758c4b5f690fae1f2021-12-22 12:45:33.124root 11241100x80000000000000004023431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb20a86816dc8982021-12-22 12:45:33.124root 11241100x80000000000000004023432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b458ce8689bb4e2e2021-12-22 12:45:33.124root 11241100x80000000000000004023433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b686a772fc5be442021-12-22 12:45:33.124root 11241100x80000000000000004023434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbdeda83f96d8612021-12-22 12:45:33.124root 11241100x80000000000000004023435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1825d78da90a15d12021-12-22 12:45:33.124root 11241100x80000000000000004023436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9a64a9b179cbed2021-12-22 12:45:33.124root 11241100x80000000000000004023437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a2a460e1306dce2021-12-22 12:45:33.124root 11241100x80000000000000004023438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0466e3f2438fd832021-12-22 12:45:33.125root 11241100x80000000000000004023439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a97ca4e860e3e02021-12-22 12:45:33.125root 11241100x80000000000000004023440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6940b53fde549e52021-12-22 12:45:33.125root 11241100x80000000000000004023441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4edca49fe60f1c2021-12-22 12:45:33.125root 11241100x80000000000000004023442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d29dbb6cf7a35d2021-12-22 12:45:33.125root 11241100x80000000000000004023443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d268a3135d9b75c2021-12-22 12:45:33.125root 11241100x80000000000000004023444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af407ed85dbe681a2021-12-22 12:45:33.125root 11241100x80000000000000004023445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a936d5399110552021-12-22 12:45:33.125root 11241100x80000000000000004023446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c4e4e562ec5b092021-12-22 12:45:33.125root 11241100x80000000000000004023447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:45:33.125root 11241100x80000000000000004023448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d017507c35265f2021-12-22 12:45:33.125root 11241100x80000000000000004023449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c53ea9777053042021-12-22 12:45:33.126root 11241100x80000000000000004023450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be9254de2094342021-12-22 12:45:33.126root 11241100x80000000000000004023451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83823443ccb466ee2021-12-22 12:45:33.443root 11241100x80000000000000004023452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096e1de1a990a0932021-12-22 12:45:33.443root 11241100x80000000000000004023453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f1967d49ce52d32021-12-22 12:45:33.443root 11241100x80000000000000004023454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f9f195eea8a6122021-12-22 12:45:33.443root 11241100x80000000000000004023455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f180109f73774192021-12-22 12:45:33.443root 11241100x80000000000000004023456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d32fd91404c63e2021-12-22 12:45:33.444root 11241100x80000000000000004023457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478743a0b834e482021-12-22 12:45:33.444root 11241100x80000000000000004023458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0c26eeb1b48b32021-12-22 12:45:33.444root 11241100x80000000000000004023459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8112d9b867b93d592021-12-22 12:45:33.444root 11241100x80000000000000004023460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9747e68c8d8169a2021-12-22 12:45:33.444root 11241100x80000000000000004023461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec90addbce5669da2021-12-22 12:45:33.444root 11241100x80000000000000004023462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a87ec8b18fbe132021-12-22 12:45:33.444root 11241100x80000000000000004023463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60931cc6920faf112021-12-22 12:45:33.444root 11241100x80000000000000004023464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721eaf0f44e23fa2021-12-22 12:45:33.444root 11241100x80000000000000004023465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e19c3340966dce2021-12-22 12:45:33.444root 11241100x80000000000000004023466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff74e76a10572a462021-12-22 12:45:33.445root 11241100x80000000000000004023467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7df8092be795a2021-12-22 12:45:33.445root 11241100x80000000000000004023468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6b7145ea28b9eb2021-12-22 12:45:33.445root 11241100x80000000000000004023469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ea5309634625b12021-12-22 12:45:33.445root 11241100x80000000000000004023470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4011b8fbb8a0c6702021-12-22 12:45:33.445root 11241100x80000000000000004023471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8757ddef97cc3d6d2021-12-22 12:45:33.445root 11241100x80000000000000004023472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ab9b06295939292021-12-22 12:45:33.445root 11241100x80000000000000004023473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3496d1dfab3fa8e2021-12-22 12:45:33.943root 11241100x80000000000000004023474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5614ea4f8aa5d2952021-12-22 12:45:33.943root 11241100x80000000000000004023475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a8a5a1cc31b342021-12-22 12:45:33.943root 11241100x80000000000000004023476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422751439adfa572021-12-22 12:45:33.944root 11241100x80000000000000004023477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf332d152b7bb4c2021-12-22 12:45:33.944root 11241100x80000000000000004023478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f092d914516d39f62021-12-22 12:45:33.944root 11241100x80000000000000004023479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eed4e2763a23742021-12-22 12:45:33.944root 11241100x80000000000000004023480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea163490a9d23792021-12-22 12:45:33.944root 11241100x80000000000000004023481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384deb578e1256b2021-12-22 12:45:33.944root 11241100x80000000000000004023482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42684d923f7714fc2021-12-22 12:45:33.944root 11241100x80000000000000004023483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77490589fe9a36162021-12-22 12:45:33.944root 11241100x80000000000000004023484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caf9a6eb9d8fff32021-12-22 12:45:33.944root 11241100x80000000000000004023485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c01d55d09f5b472021-12-22 12:45:33.945root 11241100x80000000000000004023486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b59a9b81e275d852021-12-22 12:45:33.945root 11241100x80000000000000004023487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7338e485f36ab4802021-12-22 12:45:33.945root 11241100x80000000000000004023488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e68b85ee0090c2021-12-22 12:45:33.945root 11241100x80000000000000004023489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5021bfc62ed1a6c92021-12-22 12:45:33.945root 11241100x80000000000000004023490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8026513ffb6b332021-12-22 12:45:33.946root 11241100x80000000000000004023491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0600abf9b6849662021-12-22 12:45:33.946root 11241100x80000000000000004023492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b473197cc8a6acec2021-12-22 12:45:33.946root 11241100x80000000000000004023493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92515923560320962021-12-22 12:45:33.946root 11241100x80000000000000004023494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc288132dd61812c2021-12-22 12:45:33.946root 354300x80000000000000004023495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.304{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43930-false10.0.1.12-8089- 11241100x80000000000000004023496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e949dec4d098e02021-12-22 12:45:34.305root 11241100x80000000000000004023497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a43742a2ee1cfcb2021-12-22 12:45:34.305root 11241100x80000000000000004023498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4e6d0f1b6b4c932021-12-22 12:45:34.305root 11241100x80000000000000004023499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d136fa4fc2c6c2021-12-22 12:45:34.306root 11241100x80000000000000004023500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2df27b5be99b8b2021-12-22 12:45:34.306root 11241100x80000000000000004023501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c6a83a2e299ed2021-12-22 12:45:34.306root 11241100x80000000000000004023502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1277a3c154f93fa52021-12-22 12:45:34.306root 11241100x80000000000000004023503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3dc10c16d7dc582021-12-22 12:45:34.307root 11241100x80000000000000004023504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0385ecbc2d1650b12021-12-22 12:45:34.307root 11241100x80000000000000004023505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6313d7f3ab1b2da2021-12-22 12:45:34.307root 11241100x80000000000000004023506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba39bae082ecb7712021-12-22 12:45:34.308root 11241100x80000000000000004023507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbefb9396d8f50e2021-12-22 12:45:34.308root 11241100x80000000000000004023508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d682754e3e706c942021-12-22 12:45:34.308root 11241100x80000000000000004023509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba4bdead7bfc422021-12-22 12:45:34.308root 11241100x80000000000000004023510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a699c0c4a9a0112021-12-22 12:45:34.309root 11241100x80000000000000004023511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8553f9a77ad1752021-12-22 12:45:34.309root 11241100x80000000000000004023512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aeaae0926641d92021-12-22 12:45:34.309root 11241100x80000000000000004023513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ffd2d4cd81b0fc2021-12-22 12:45:34.309root 11241100x80000000000000004023514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef6f8431f21dfaa2021-12-22 12:45:34.309root 11241100x80000000000000004023515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586d05ab2fcae0a32021-12-22 12:45:34.309root 11241100x80000000000000004023516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fdd4ec8228eb3e2021-12-22 12:45:34.310root 11241100x80000000000000004023517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8e527552ecccb62021-12-22 12:45:34.310root 11241100x80000000000000004023518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cfbd7989388e72021-12-22 12:45:34.310root 11241100x80000000000000004023519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f27f1576b42a75b2021-12-22 12:45:34.310root 11241100x80000000000000004023520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55dc2e10bda8c652021-12-22 12:45:34.310root 11241100x80000000000000004023521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8591bb5908c9512021-12-22 12:45:34.693root 11241100x80000000000000004023522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe80a42d62d78e202021-12-22 12:45:34.693root 11241100x80000000000000004023523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0610d3b17b74b62021-12-22 12:45:34.693root 11241100x80000000000000004023524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc2c45b670cbfe2021-12-22 12:45:34.693root 11241100x80000000000000004023525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d37ac307e1d452021-12-22 12:45:34.693root 11241100x80000000000000004023526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338132321596e302021-12-22 12:45:34.693root 11241100x80000000000000004023527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cea54822f6025d12021-12-22 12:45:34.694root 11241100x80000000000000004023528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8843ec3d539026a52021-12-22 12:45:34.694root 11241100x80000000000000004023529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0da7b0de2d78c2021-12-22 12:45:34.694root 11241100x80000000000000004023530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62eaa14b50d33132021-12-22 12:45:34.694root 11241100x80000000000000004023531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9689a65a17a4d5702021-12-22 12:45:34.694root 11241100x80000000000000004023532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb89357fe2d660292021-12-22 12:45:34.694root 11241100x80000000000000004023533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a71cf8d0e70b4422021-12-22 12:45:34.695root 11241100x80000000000000004023534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7748a2bab41222021-12-22 12:45:34.695root 11241100x80000000000000004023535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40146febe04a45d42021-12-22 12:45:34.695root 11241100x80000000000000004023536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0682c50d6cafc3542021-12-22 12:45:34.695root 11241100x80000000000000004023537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf5ca290b152202021-12-22 12:45:34.695root 11241100x80000000000000004023538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb7e33b91bfa8e2021-12-22 12:45:34.695root 11241100x80000000000000004023539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d048b40da5ac8e72021-12-22 12:45:34.695root 11241100x80000000000000004023540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f11be685f4eac02021-12-22 12:45:34.696root 11241100x80000000000000004023541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832e02dbf86f0a282021-12-22 12:45:34.696root 11241100x80000000000000004023542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29d1fbb036b6772021-12-22 12:45:34.696root 11241100x80000000000000004023543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c42eb41746d1c52021-12-22 12:45:34.696root 11241100x80000000000000004023544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630166b4205009712021-12-22 12:45:34.696root 11241100x80000000000000004023545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ad9ee89f5f22982021-12-22 12:45:34.696root 11241100x80000000000000004023546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d08152c25b553242021-12-22 12:45:35.193root 11241100x80000000000000004023547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261bda25926f7e82021-12-22 12:45:35.193root 11241100x80000000000000004023548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3495ec1765f0fa2021-12-22 12:45:35.193root 11241100x80000000000000004023549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff004fdcc54afe82021-12-22 12:45:35.193root 11241100x80000000000000004023550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f990663bf2e8d1732021-12-22 12:45:35.194root 11241100x80000000000000004023551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd64df5680b812a2021-12-22 12:45:35.194root 11241100x80000000000000004023552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b482119d132e1be2021-12-22 12:45:35.194root 11241100x80000000000000004023553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0712ec1d2d27448c2021-12-22 12:45:35.194root 11241100x80000000000000004023554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70d0a175dc348ba2021-12-22 12:45:35.194root 11241100x80000000000000004023555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a89b024843e01b2021-12-22 12:45:35.194root 11241100x80000000000000004023556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2540e6bca4e9c12021-12-22 12:45:35.194root 11241100x80000000000000004023557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca7ce10a6b85fd22021-12-22 12:45:35.195root 11241100x80000000000000004023558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e1e1c64a8a01622021-12-22 12:45:35.195root 11241100x80000000000000004023559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a958aaf756d7282021-12-22 12:45:35.195root 11241100x80000000000000004023560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd52da3961b212e2021-12-22 12:45:35.195root 11241100x80000000000000004023561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babfcb454d1c47b72021-12-22 12:45:35.195root 11241100x80000000000000004023562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd6847e1233f732021-12-22 12:45:35.195root 11241100x80000000000000004023563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f9f656fca928f92021-12-22 12:45:35.195root 11241100x80000000000000004023564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f29e965dc091c382021-12-22 12:45:35.195root 11241100x80000000000000004023565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1e7bf57c6f58b2021-12-22 12:45:35.196root 11241100x80000000000000004023566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d620eafe5a9902422021-12-22 12:45:35.196root 11241100x80000000000000004023567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9f6eea920bf772021-12-22 12:45:35.196root 11241100x80000000000000004023568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028dd545264c4a332021-12-22 12:45:35.196root 11241100x80000000000000004023569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844556438375b62c2021-12-22 12:45:35.693root 11241100x80000000000000004023570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773dc9e0fc9400a12021-12-22 12:45:35.693root 11241100x80000000000000004023571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292030daee5304452021-12-22 12:45:35.694root 11241100x80000000000000004023572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a9c4f16dc26e5d2021-12-22 12:45:35.694root 11241100x80000000000000004023573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472d004447e8d6f82021-12-22 12:45:35.694root 11241100x80000000000000004023574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ee83bff75e40f2021-12-22 12:45:35.694root 11241100x80000000000000004023575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d391095303f707052021-12-22 12:45:35.694root 11241100x80000000000000004023576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87c6ae69f629f442021-12-22 12:45:35.694root 11241100x80000000000000004023577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5852b7c18089793a2021-12-22 12:45:35.694root 11241100x80000000000000004023578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45217103fe3d0d7f2021-12-22 12:45:35.694root 11241100x80000000000000004023579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668cd688efea63da2021-12-22 12:45:35.694root 11241100x80000000000000004023580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7a8adc1fe9a6852021-12-22 12:45:35.695root 11241100x80000000000000004023581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda49c3e26995182021-12-22 12:45:35.695root 11241100x80000000000000004023582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd9d3965afb5c722021-12-22 12:45:35.695root 11241100x80000000000000004023583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae05eb5fadd7bc82021-12-22 12:45:35.695root 11241100x80000000000000004023584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f19f7648bb1cb52021-12-22 12:45:35.695root 11241100x80000000000000004023585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192eff8fa4986c112021-12-22 12:45:35.695root 11241100x80000000000000004023586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f2a4b64abd1dd2021-12-22 12:45:35.695root 11241100x80000000000000004023587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2e808d78d7e9912021-12-22 12:45:35.695root 11241100x80000000000000004023588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0a35fac643ddc62021-12-22 12:45:35.695root 11241100x80000000000000004023589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c9f7381e61c532021-12-22 12:45:35.696root 11241100x80000000000000004023590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336e2c1666416c0a2021-12-22 12:45:35.696root 11241100x80000000000000004023591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f9a9c80e39322a2021-12-22 12:45:35.696root 23542300x80000000000000004023592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.127{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004023593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fb8a8562e5bb162021-12-22 12:45:36.128root 11241100x80000000000000004023594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79666476ff0573f2021-12-22 12:45:36.128root 11241100x80000000000000004023595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58d8cb055ee380d2021-12-22 12:45:36.128root 11241100x80000000000000004023596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d5d22048914a92021-12-22 12:45:36.128root 11241100x80000000000000004023597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90470799bfb62462021-12-22 12:45:36.128root 11241100x80000000000000004023598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e9b16a3c9ef932021-12-22 12:45:36.128root 11241100x80000000000000004023599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2df9186275b4c2021-12-22 12:45:36.128root 11241100x80000000000000004023600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c622455a3bba8f942021-12-22 12:45:36.128root 11241100x80000000000000004023601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7eae0a3af72c122021-12-22 12:45:36.128root 11241100x80000000000000004023602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc04b9d5850fa802021-12-22 12:45:36.128root 11241100x80000000000000004023603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a42582021dc64622021-12-22 12:45:36.129root 11241100x80000000000000004023604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405c69c8aa9fecf02021-12-22 12:45:36.129root 11241100x80000000000000004023605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dc671216641ebf2021-12-22 12:45:36.129root 11241100x80000000000000004023606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6757caf8b70f0b2021-12-22 12:45:36.129root 11241100x80000000000000004023607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81eb61178432fd2021-12-22 12:45:36.129root 11241100x80000000000000004023608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f708f02f2955fd2021-12-22 12:45:36.129root 11241100x80000000000000004023609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019cdc25abc1d17f2021-12-22 12:45:36.129root 11241100x80000000000000004023610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df786372dd564af32021-12-22 12:45:36.129root 11241100x80000000000000004023611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3997bc48347a2542021-12-22 12:45:36.129root 11241100x80000000000000004023612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f73659e2b8efa2021-12-22 12:45:36.129root 11241100x80000000000000004023613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710856eba9d419262021-12-22 12:45:36.129root 11241100x80000000000000004023614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47014cf65a0d29c92021-12-22 12:45:36.129root 11241100x80000000000000004023615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86176dcfb20200be2021-12-22 12:45:36.130root 11241100x80000000000000004023616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd5788940627bc2021-12-22 12:45:36.130root 11241100x80000000000000004023617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc866ee4c03f0b92021-12-22 12:45:36.130root 11241100x80000000000000004023618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca7216ce0665f2c2021-12-22 12:45:36.130root 11241100x80000000000000004023619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f142102b93a728532021-12-22 12:45:36.130root 11241100x80000000000000004023620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c1eed2d2dd43a2021-12-22 12:45:36.130root 11241100x80000000000000004023621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593946e66e6cf5272021-12-22 12:45:36.130root 11241100x80000000000000004023622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acea9379c4593ac2021-12-22 12:45:36.130root 11241100x80000000000000004023623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ea541762a96d32021-12-22 12:45:36.443root 11241100x80000000000000004023624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85a1aafd4e05f52021-12-22 12:45:36.443root 11241100x80000000000000004023625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81912152bdeea932021-12-22 12:45:36.443root 11241100x80000000000000004023626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849fc745acbadaef2021-12-22 12:45:36.443root 11241100x80000000000000004023627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d44117a8154cc932021-12-22 12:45:36.444root 11241100x80000000000000004023628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90aa06506ef11f72021-12-22 12:45:36.444root 11241100x80000000000000004023629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4334bd50490686ba2021-12-22 12:45:36.444root 11241100x80000000000000004023630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33026a38731cd2502021-12-22 12:45:36.444root 11241100x80000000000000004023631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9cd22d6fb7c32f2021-12-22 12:45:36.444root 11241100x80000000000000004023632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26d9f35a284e9482021-12-22 12:45:36.444root 11241100x80000000000000004023633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80f2295a4e014922021-12-22 12:45:36.445root 11241100x80000000000000004023634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553f88a77b2684c32021-12-22 12:45:36.445root 11241100x80000000000000004023635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6082df24ea0fb692021-12-22 12:45:36.445root 11241100x80000000000000004023636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11548a260f40a042021-12-22 12:45:36.445root 11241100x80000000000000004023637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcc58e1faaaeeb92021-12-22 12:45:36.445root 11241100x80000000000000004023638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad15e5e8eb0779242021-12-22 12:45:36.445root 11241100x80000000000000004023639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2135a0e9803412021-12-22 12:45:36.445root 11241100x80000000000000004023640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a004f7a4a138234a2021-12-22 12:45:36.446root 11241100x80000000000000004023641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783a6f47749d1f02021-12-22 12:45:36.446root 11241100x80000000000000004023642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d30134268fc2002021-12-22 12:45:36.446root 11241100x80000000000000004023643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02d023987cac3f82021-12-22 12:45:36.446root 11241100x80000000000000004023644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fc37979a1feb902021-12-22 12:45:36.446root 11241100x80000000000000004023645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3718a181b67133812021-12-22 12:45:36.446root 11241100x80000000000000004023646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047f3f206413e1aa2021-12-22 12:45:36.447root 11241100x80000000000000004023647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950232a0a4ae6c282021-12-22 12:45:36.943root 11241100x80000000000000004023648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f88fa8755559f602021-12-22 12:45:36.943root 11241100x80000000000000004023649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ceca8783969feb2021-12-22 12:45:36.943root 11241100x80000000000000004023650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0b8478eafa1652021-12-22 12:45:36.943root 11241100x80000000000000004023651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303b85c32fa65262021-12-22 12:45:36.943root 11241100x80000000000000004023652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b42821c4ba7ed2021-12-22 12:45:36.943root 11241100x80000000000000004023653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad574fbee9efabee2021-12-22 12:45:36.944root 11241100x80000000000000004023654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7163f2f8597107392021-12-22 12:45:36.944root 11241100x80000000000000004023655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00039aa51902740f2021-12-22 12:45:36.944root 11241100x80000000000000004023656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15a5f5be4dd65742021-12-22 12:45:36.944root 11241100x80000000000000004023657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345e11b9a5df50a12021-12-22 12:45:36.944root 11241100x80000000000000004023658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e3be29266bb3022021-12-22 12:45:36.944root 11241100x80000000000000004023659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3946b6644a96532021-12-22 12:45:36.945root 11241100x80000000000000004023660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73397c9d0140aa2021-12-22 12:45:36.945root 11241100x80000000000000004023661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dc2ba24b909b652021-12-22 12:45:36.945root 11241100x80000000000000004023662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355c0b83e3fcb252021-12-22 12:45:36.945root 11241100x80000000000000004023663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd149ed26cca66232021-12-22 12:45:36.946root 11241100x80000000000000004023664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac3c85cfe8068a32021-12-22 12:45:36.946root 11241100x80000000000000004023665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6e90748aab2a82021-12-22 12:45:36.946root 11241100x80000000000000004023666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f0a0821531a1572021-12-22 12:45:36.946root 11241100x80000000000000004023667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c1bb75ecf79c72021-12-22 12:45:36.946root 11241100x80000000000000004023668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1261a7dd73828e32021-12-22 12:45:36.947root 11241100x80000000000000004023669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114212f8b29637e02021-12-22 12:45:36.947root 11241100x80000000000000004023670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b970acf9335452021-12-22 12:45:36.947root 11241100x80000000000000004023671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23249d453b3ef32021-12-22 12:45:36.948root 11241100x80000000000000004023672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1495f730b0905fa42021-12-22 12:45:37.443root 11241100x80000000000000004023673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f90d4856bb3557d2021-12-22 12:45:37.443root 11241100x80000000000000004023674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60a2460918ac3942021-12-22 12:45:37.443root 11241100x80000000000000004023675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c5f4b3639b6932021-12-22 12:45:37.443root 11241100x80000000000000004023676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be39706ee78a8b92021-12-22 12:45:37.444root 11241100x80000000000000004023677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de259d6a1993bcc2021-12-22 12:45:37.444root 11241100x80000000000000004023678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f28bb10d4330032021-12-22 12:45:37.444root 11241100x80000000000000004023679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258ef87da5a796b82021-12-22 12:45:37.444root 11241100x80000000000000004023680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe54d97418c5b32021-12-22 12:45:37.444root 11241100x80000000000000004023681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54377d8e08c7d32021-12-22 12:45:37.444root 11241100x80000000000000004023682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ddfd51549e35172021-12-22 12:45:37.444root 11241100x80000000000000004023683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b045e1178f1d62021-12-22 12:45:37.444root 11241100x80000000000000004023684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496b7a83115b8352021-12-22 12:45:37.444root 11241100x80000000000000004023685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221dc9a24b01d8392021-12-22 12:45:37.444root 11241100x80000000000000004023686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44226e8c5e9013612021-12-22 12:45:37.444root 11241100x80000000000000004023687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c38b3ead789ddf2021-12-22 12:45:37.444root 11241100x80000000000000004023688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fd1c05fcfff71a2021-12-22 12:45:37.445root 11241100x80000000000000004023689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183216e9bc76cb3a2021-12-22 12:45:37.445root 11241100x80000000000000004023690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574df2e9c15c74dc2021-12-22 12:45:37.445root 11241100x80000000000000004023691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3409852dd290bf702021-12-22 12:45:37.445root 11241100x80000000000000004023692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9990df0197fa52021-12-22 12:45:37.445root 11241100x80000000000000004023693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586562d8a4673a92021-12-22 12:45:37.445root 11241100x80000000000000004023694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f9441ae15f1d12021-12-22 12:45:37.445root 11241100x80000000000000004023695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee8983421f0d0062021-12-22 12:45:37.445root 11241100x80000000000000004023696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec505453fbea8a4f2021-12-22 12:45:37.943root 11241100x80000000000000004023697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff806bb63cbc6672021-12-22 12:45:37.943root 11241100x80000000000000004023698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6d2704fdce7bd2021-12-22 12:45:37.944root 11241100x80000000000000004023699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20c85dc51a27662021-12-22 12:45:37.944root 11241100x80000000000000004023700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32dd28e41f7a0e12021-12-22 12:45:37.944root 11241100x80000000000000004023701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea186895714ab3a2021-12-22 12:45:37.944root 11241100x80000000000000004023702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe88f26914f3662021-12-22 12:45:37.944root 11241100x80000000000000004023703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29603874c3cb7872021-12-22 12:45:37.944root 11241100x80000000000000004023704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2209302efe647a2021-12-22 12:45:37.944root 11241100x80000000000000004023705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc302ff207af7e52021-12-22 12:45:37.944root 11241100x80000000000000004023706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96393a6aabbca7ef2021-12-22 12:45:37.944root 11241100x80000000000000004023707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99f040e57bba792021-12-22 12:45:37.945root 11241100x80000000000000004023708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d6358acd17b912021-12-22 12:45:37.945root 11241100x80000000000000004023709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce53e3729e11d2572021-12-22 12:45:37.945root 11241100x80000000000000004023710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ccd77428460bcb2021-12-22 12:45:37.945root 11241100x80000000000000004023711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd8686c4899d59a2021-12-22 12:45:37.945root 11241100x80000000000000004023712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052105a46e0894a82021-12-22 12:45:37.945root 11241100x80000000000000004023713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8888d2df8462cc12021-12-22 12:45:37.945root 11241100x80000000000000004023714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e1cc57186c75e42021-12-22 12:45:37.945root 11241100x80000000000000004023715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15479a0c4929e4af2021-12-22 12:45:37.945root 11241100x80000000000000004023716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd45b2009088472021-12-22 12:45:37.945root 11241100x80000000000000004023717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05f96a2ccaf17762021-12-22 12:45:37.945root 11241100x80000000000000004023718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3792827904f3502021-12-22 12:45:37.946root 11241100x80000000000000004023719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb2c6f9e41164772021-12-22 12:45:37.946root 354300x80000000000000004023720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.176{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56868-false10.0.1.12-8000- 11241100x80000000000000004023721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33903d7674a9cfcd2021-12-22 12:45:38.443root 11241100x80000000000000004023722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7a20ff2411e212021-12-22 12:45:38.443root 11241100x80000000000000004023723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9796aed3e1ae45a62021-12-22 12:45:38.443root 11241100x80000000000000004023724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8358674346d7fa2021-12-22 12:45:38.444root 11241100x80000000000000004023725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755aa9a5883c23f2021-12-22 12:45:38.444root 11241100x80000000000000004023726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019e5f508130b2862021-12-22 12:45:38.444root 11241100x80000000000000004023727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef616fdec0876e2021-12-22 12:45:38.444root 11241100x80000000000000004023728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6257a138d76c772021-12-22 12:45:38.445root 11241100x80000000000000004023729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61b970e30f2fb32021-12-22 12:45:38.445root 11241100x80000000000000004023730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e6c205da3abfd22021-12-22 12:45:38.445root 11241100x80000000000000004023731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2422105d808418102021-12-22 12:45:38.445root 11241100x80000000000000004023732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af63db08e2d3afcb2021-12-22 12:45:38.445root 11241100x80000000000000004023733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc9587c35c1d9a22021-12-22 12:45:38.445root 11241100x80000000000000004023734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f82f3df59294712021-12-22 12:45:38.445root 11241100x80000000000000004023735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324765495fe8af032021-12-22 12:45:38.446root 11241100x80000000000000004023736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64664753167a603b2021-12-22 12:45:38.446root 11241100x80000000000000004023737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53409bb4a705c4bb2021-12-22 12:45:38.446root 11241100x80000000000000004023738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32784bf7e7a168592021-12-22 12:45:38.446root 11241100x80000000000000004023739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454c3e7b6b25a892021-12-22 12:45:38.446root 11241100x80000000000000004023740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeef4fa5afffe852021-12-22 12:45:38.447root 11241100x80000000000000004023741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5f9cd092d4177b2021-12-22 12:45:38.447root 11241100x80000000000000004023742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1573ed5f0f3ac792021-12-22 12:45:38.447root 11241100x80000000000000004023743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59f2387cf58637d2021-12-22 12:45:38.447root 11241100x80000000000000004023744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb167a598e54bc892021-12-22 12:45:38.448root 11241100x80000000000000004023745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e4692204d507452021-12-22 12:45:38.448root 11241100x80000000000000004023746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b2b3410c2fbe62021-12-22 12:45:38.943root 11241100x80000000000000004023747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72836a86021c2602021-12-22 12:45:38.943root 11241100x80000000000000004023748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2814d6e7b04814da2021-12-22 12:45:38.943root 11241100x80000000000000004023749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac94e8232a2aac2021-12-22 12:45:38.943root 11241100x80000000000000004023750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2a6ab3bf299ed12021-12-22 12:45:38.943root 11241100x80000000000000004023751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63c0a49146fcab72021-12-22 12:45:38.944root 11241100x80000000000000004023752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a3b1d6a7227c82021-12-22 12:45:38.944root 11241100x80000000000000004023753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e42bfebc3d538302021-12-22 12:45:38.944root 11241100x80000000000000004023754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2417c8c7c9577512021-12-22 12:45:38.944root 11241100x80000000000000004023755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fe3504a2db35462021-12-22 12:45:38.944root 11241100x80000000000000004023756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ae4502219ba9482021-12-22 12:45:38.944root 11241100x80000000000000004023757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fef696d37f72532021-12-22 12:45:38.944root 11241100x80000000000000004023758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2843c887719d602021-12-22 12:45:38.944root 11241100x80000000000000004023759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ababae6d4d28aca2021-12-22 12:45:38.944root 11241100x80000000000000004023760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2b718bdf372ba62021-12-22 12:45:38.944root 11241100x80000000000000004023761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea4a33737effa62021-12-22 12:45:38.944root 11241100x80000000000000004023762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b43b62b0ec29a52021-12-22 12:45:38.945root 11241100x80000000000000004023763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a58343eff41f6c12021-12-22 12:45:38.945root 11241100x80000000000000004023764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e88a5b0f62431902021-12-22 12:45:38.945root 11241100x80000000000000004023765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30715d59497d1e352021-12-22 12:45:38.945root 11241100x80000000000000004023766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f7a8346bfe18722021-12-22 12:45:38.945root 11241100x80000000000000004023767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814fba4e9e45ed762021-12-22 12:45:38.945root 11241100x80000000000000004023768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf26f00efe9f5762021-12-22 12:45:38.945root 11241100x80000000000000004023769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d45bc743e875ef2021-12-22 12:45:38.945root 11241100x80000000000000004023770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d660e28aae0165302021-12-22 12:45:38.945root 11241100x80000000000000004023771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3a03fbe5e5aff02021-12-22 12:45:39.443root 11241100x80000000000000004023772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1e19bc07f961eb2021-12-22 12:45:39.443root 11241100x80000000000000004023773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da96cc7b0bd683512021-12-22 12:45:39.443root 11241100x80000000000000004023774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fccd45122bee9e2021-12-22 12:45:39.443root 11241100x80000000000000004023775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b1fa40989dc20e2021-12-22 12:45:39.443root 11241100x80000000000000004023776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15779a658c95c8622021-12-22 12:45:39.444root 11241100x80000000000000004023777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8154fdc67c2864ab2021-12-22 12:45:39.444root 11241100x80000000000000004023778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec19bebe486459a2021-12-22 12:45:39.444root 11241100x80000000000000004023779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be156c5b6e1cd1be2021-12-22 12:45:39.444root 11241100x80000000000000004023780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339d902750b77aa52021-12-22 12:45:39.444root 11241100x80000000000000004023781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f59c099a05c20b2021-12-22 12:45:39.444root 11241100x80000000000000004023782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759999e61c54b9c12021-12-22 12:45:39.444root 11241100x80000000000000004023783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87825558d6a7c9722021-12-22 12:45:39.444root 11241100x80000000000000004023784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e770f76bce56b9182021-12-22 12:45:39.444root 11241100x80000000000000004023785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bedaf82ca030dd92021-12-22 12:45:39.444root 11241100x80000000000000004023786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f355b6de21e98e2021-12-22 12:45:39.444root 11241100x80000000000000004023787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d340439884f2152021-12-22 12:45:39.444root 11241100x80000000000000004023788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87614b0ae1430de2021-12-22 12:45:39.445root 11241100x80000000000000004023789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b2513dca714aa02021-12-22 12:45:39.445root 11241100x80000000000000004023790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7725786352eae12021-12-22 12:45:39.445root 11241100x80000000000000004023791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddf132875c300d72021-12-22 12:45:39.445root 11241100x80000000000000004023792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae34128e43537e772021-12-22 12:45:39.445root 11241100x80000000000000004023793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceda6e8c6a943cb2021-12-22 12:45:39.445root 11241100x80000000000000004023794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45750ad5b5b66f202021-12-22 12:45:39.445root 11241100x80000000000000004023795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b76de272ea649ba2021-12-22 12:45:39.445root 11241100x80000000000000004023796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b970ba669ddca812021-12-22 12:45:39.943root 11241100x80000000000000004023797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdbf322b56dfbaf2021-12-22 12:45:39.943root 11241100x80000000000000004023798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68105e0efe1ed4b2021-12-22 12:45:39.943root 11241100x80000000000000004023799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dcdd8e567fcc392021-12-22 12:45:39.943root 11241100x80000000000000004023800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79af4767be57b392021-12-22 12:45:39.943root 11241100x80000000000000004023801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30b5e043a78d5442021-12-22 12:45:39.943root 11241100x80000000000000004023802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ced59b638c3a0a2021-12-22 12:45:39.943root 11241100x80000000000000004023803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62f8c990e73c582021-12-22 12:45:39.943root 11241100x80000000000000004023804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ee0648190d8352021-12-22 12:45:39.943root 11241100x80000000000000004023805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e153ed2f6a29c1b02021-12-22 12:45:39.944root 11241100x80000000000000004023806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc025ff6ca5324722021-12-22 12:45:39.944root 11241100x80000000000000004023807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81446b11125432832021-12-22 12:45:39.944root 11241100x80000000000000004023808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9477b6fec6661f2021-12-22 12:45:39.944root 11241100x80000000000000004023809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc282c3eedfcccc2021-12-22 12:45:39.944root 11241100x80000000000000004023810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f714cd6bcec3540c2021-12-22 12:45:39.944root 11241100x80000000000000004023811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ae3fbe3dbd2012021-12-22 12:45:39.945root 11241100x80000000000000004023812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d67be99f4d11192021-12-22 12:45:39.945root 11241100x80000000000000004023813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aedfd5a3e98e812021-12-22 12:45:39.945root 11241100x80000000000000004023814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753be7cd991e9cb52021-12-22 12:45:39.945root 11241100x80000000000000004023815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abd9a642c0a0702021-12-22 12:45:39.945root 11241100x80000000000000004023816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f44fc7de7fba9862021-12-22 12:45:39.947root 11241100x80000000000000004023817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da50afb056cccb62021-12-22 12:45:39.947root 11241100x80000000000000004023818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5918bc94bc10da2021-12-22 12:45:39.947root 11241100x80000000000000004023819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da9dd84ad332aae2021-12-22 12:45:39.948root 11241100x80000000000000004023820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0830ee8d2dbd6c332021-12-22 12:45:39.948root 11241100x80000000000000004023821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c9c1da8511b2652021-12-22 12:45:39.948root 11241100x80000000000000004023822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8040ccae9015bf3a2021-12-22 12:45:40.443root 11241100x80000000000000004023823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2377d11f4af6dbb72021-12-22 12:45:40.443root 11241100x80000000000000004023824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0770787b1c4c8b2021-12-22 12:45:40.443root 11241100x80000000000000004023825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b894cf4776e443092021-12-22 12:45:40.443root 11241100x80000000000000004023826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0843e4ad7db7e522021-12-22 12:45:40.443root 11241100x80000000000000004023827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ea761bda2cdc6a2021-12-22 12:45:40.444root 11241100x80000000000000004023828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4808fe179262392021-12-22 12:45:40.444root 11241100x80000000000000004023829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb0cc8f1c35e4e12021-12-22 12:45:40.444root 11241100x80000000000000004023830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f973d3cbf29df65d2021-12-22 12:45:40.444root 11241100x80000000000000004023831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a782d758aa3f38bf2021-12-22 12:45:40.444root 11241100x80000000000000004023832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e0b244839091882021-12-22 12:45:40.444root 11241100x80000000000000004023833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c247df4e8a1045c2021-12-22 12:45:40.444root 11241100x80000000000000004023834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cc1070670825ad2021-12-22 12:45:40.444root 11241100x80000000000000004023835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca725ed17bcc72fb2021-12-22 12:45:40.444root 11241100x80000000000000004023836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d305c6dd204fccb2021-12-22 12:45:40.444root 11241100x80000000000000004023837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f10716a47181572021-12-22 12:45:40.444root 11241100x80000000000000004023838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95607bb1a08411822021-12-22 12:45:40.445root 11241100x80000000000000004023839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c6c94664931be2021-12-22 12:45:40.445root 11241100x80000000000000004023840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9e3e872e0463772021-12-22 12:45:40.445root 11241100x80000000000000004023841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438161e053e36dbe2021-12-22 12:45:40.445root 11241100x80000000000000004023842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc0526b4f0e348a2021-12-22 12:45:40.445root 11241100x80000000000000004023843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4577849295fe322021-12-22 12:45:40.445root 11241100x80000000000000004023844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2ee1b9adf311572021-12-22 12:45:40.445root 11241100x80000000000000004023845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48ead2ab2950d172021-12-22 12:45:40.445root 11241100x80000000000000004023846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f97dc27bf963ca2021-12-22 12:45:40.445root 11241100x80000000000000004023847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5053e9867e32ed2021-12-22 12:45:40.943root 11241100x80000000000000004023848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e0a544c5e2f3582021-12-22 12:45:40.943root 11241100x80000000000000004023849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ceac644f59e6802021-12-22 12:45:40.943root 11241100x80000000000000004023850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8238b75bf7bcd42021-12-22 12:45:40.943root 11241100x80000000000000004023851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65742c1f1a233f412021-12-22 12:45:40.943root 11241100x80000000000000004023852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1f6253a3e71a7f2021-12-22 12:45:40.944root 11241100x80000000000000004023853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e73acc96f41477e2021-12-22 12:45:40.944root 11241100x80000000000000004023854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cb8f35b863b2232021-12-22 12:45:40.944root 11241100x80000000000000004023855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdbc4dbaee50de52021-12-22 12:45:40.944root 11241100x80000000000000004023856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4dc9d477ac7292021-12-22 12:45:40.944root 11241100x80000000000000004023857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac34d004709e19ad2021-12-22 12:45:40.944root 11241100x80000000000000004023858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a93be719199332021-12-22 12:45:40.944root 11241100x80000000000000004023859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790eb5602f43bc6e2021-12-22 12:45:40.944root 11241100x80000000000000004023860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c539c7474b7eea5f2021-12-22 12:45:40.944root 11241100x80000000000000004023861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe45fee3e4d4f6d2021-12-22 12:45:40.944root 11241100x80000000000000004023862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf70f42986d582cd2021-12-22 12:45:40.944root 11241100x80000000000000004023863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b592445607ca9912021-12-22 12:45:40.944root 11241100x80000000000000004023864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88702e183597ce8d2021-12-22 12:45:40.944root 11241100x80000000000000004023865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44533c2ca10232752021-12-22 12:45:40.944root 11241100x80000000000000004023866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c49ff1bbaaf7fa52021-12-22 12:45:40.944root 11241100x80000000000000004023867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5589bedb58c1b5082021-12-22 12:45:40.945root 11241100x80000000000000004023868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b9b289395fc63b2021-12-22 12:45:40.945root 11241100x80000000000000004023869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba30e50a909b552021-12-22 12:45:40.945root 11241100x80000000000000004023870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bfe434eecbbaaa2021-12-22 12:45:40.945root 11241100x80000000000000004023871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e611645d16bd1d72021-12-22 12:45:40.945root 11241100x80000000000000004023872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2057808b774142021-12-22 12:45:41.443root 11241100x80000000000000004023873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba641b2ccdefd3e2021-12-22 12:45:41.443root 11241100x80000000000000004023874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef319864502a0a52021-12-22 12:45:41.443root 11241100x80000000000000004023875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9642f23bc0fd7eb2021-12-22 12:45:41.443root 11241100x80000000000000004023876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1f9d4d01416c2f2021-12-22 12:45:41.443root 11241100x80000000000000004023877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8441d32a8c73ee82021-12-22 12:45:41.443root 11241100x80000000000000004023878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d33d518b55afed2021-12-22 12:45:41.443root 11241100x80000000000000004023879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26a3fc2f0762aed2021-12-22 12:45:41.443root 11241100x80000000000000004023880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932372979d8a627a2021-12-22 12:45:41.443root 11241100x80000000000000004023881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3453831113e99ae82021-12-22 12:45:41.443root 11241100x80000000000000004023882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ece08c36de8f9a2021-12-22 12:45:41.444root 11241100x80000000000000004023883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b03ce52d0696c862021-12-22 12:45:41.444root 11241100x80000000000000004023884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb4c76299d89c3d2021-12-22 12:45:41.444root 11241100x80000000000000004023885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9950609cc0dc8bf2021-12-22 12:45:41.444root 11241100x80000000000000004023886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6267e3156ea543222021-12-22 12:45:41.444root 11241100x80000000000000004023887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c55f1f1ad8dd86c2021-12-22 12:45:41.444root 11241100x80000000000000004023888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0979a11ed7c9032021-12-22 12:45:41.444root 11241100x80000000000000004023889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8376d458bb09a0012021-12-22 12:45:41.444root 11241100x80000000000000004023890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a61dd8f0af498382021-12-22 12:45:41.444root 11241100x80000000000000004023891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f474f14e11944c2021-12-22 12:45:41.444root 11241100x80000000000000004023892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c13d3b4010e15a2021-12-22 12:45:41.444root 11241100x80000000000000004023893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c99f86d12f4191d2021-12-22 12:45:41.444root 11241100x80000000000000004023894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b9b0e28210a932021-12-22 12:45:41.445root 11241100x80000000000000004023895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47167b059131b17d2021-12-22 12:45:41.445root 11241100x80000000000000004023896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31970f0be27bf5242021-12-22 12:45:41.445root 11241100x80000000000000004023897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac37a64380a0a482021-12-22 12:45:41.445root 11241100x80000000000000004023898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9f98f5bae113b2021-12-22 12:45:41.445root 11241100x80000000000000004023899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c01bd466868a82021-12-22 12:45:41.943root 11241100x80000000000000004023900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6770323c3d97bb912021-12-22 12:45:41.943root 11241100x80000000000000004023901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d0c269e20fd4442021-12-22 12:45:41.943root 11241100x80000000000000004023902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889e7f14927bf822021-12-22 12:45:41.944root 11241100x80000000000000004023903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9cd4c4c6b25bf72021-12-22 12:45:41.944root 11241100x80000000000000004023904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202c4ce70ffcc2202021-12-22 12:45:41.944root 11241100x80000000000000004023905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da4576c86c2ea12021-12-22 12:45:41.944root 11241100x80000000000000004023906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca24ffeb238b9962021-12-22 12:45:41.944root 11241100x80000000000000004023907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435b391972dcac672021-12-22 12:45:41.944root 11241100x80000000000000004023908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad04c004df971d2021-12-22 12:45:41.944root 11241100x80000000000000004023909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e3ba0b9383ffd2021-12-22 12:45:41.944root 11241100x80000000000000004023910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c77a82d35153e12021-12-22 12:45:41.944root 11241100x80000000000000004023911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d600686386480022021-12-22 12:45:41.944root 11241100x80000000000000004023912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b796e15db1bfee2021-12-22 12:45:41.945root 11241100x80000000000000004023913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a9928f8102a7f02021-12-22 12:45:41.945root 11241100x80000000000000004023914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626cb702e426cdc22021-12-22 12:45:41.945root 11241100x80000000000000004023915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d062cbfa1d6ce472021-12-22 12:45:41.945root 11241100x80000000000000004023916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7c77d711058622021-12-22 12:45:41.945root 11241100x80000000000000004023917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba7692b4a301a42021-12-22 12:45:41.945root 11241100x80000000000000004023918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f3bf86c2e51852021-12-22 12:45:41.945root 11241100x80000000000000004023919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466f61d7e35df6d2021-12-22 12:45:41.946root 11241100x80000000000000004023920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a72bc6a307aa8e2021-12-22 12:45:41.946root 11241100x80000000000000004023921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3658dca840bdc74c2021-12-22 12:45:41.946root 11241100x80000000000000004023922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8beb531e87ef422021-12-22 12:45:41.946root 11241100x80000000000000004023923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992cef4a8bdc5a122021-12-22 12:45:41.946root 11241100x80000000000000004023924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2e0a22f45df2f52021-12-22 12:45:42.443root 11241100x80000000000000004023925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e468f03b0b4a1b1c2021-12-22 12:45:42.443root 11241100x80000000000000004023926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c467ffc9f4bd522021-12-22 12:45:42.444root 11241100x80000000000000004023927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eb1bf7da45472c2021-12-22 12:45:42.444root 11241100x80000000000000004023928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea44008dbd396fa02021-12-22 12:45:42.444root 11241100x80000000000000004023929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165486feaef1d48c2021-12-22 12:45:42.444root 11241100x80000000000000004023930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497f063af5d34ace2021-12-22 12:45:42.444root 11241100x80000000000000004023931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7b45c75a20a942021-12-22 12:45:42.444root 11241100x80000000000000004023932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae997dd8242afb2021-12-22 12:45:42.444root 11241100x80000000000000004023933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13547b792f1342f42021-12-22 12:45:42.445root 11241100x80000000000000004023934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e392252adf88b5152021-12-22 12:45:42.445root 11241100x80000000000000004023935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c28a4da1619ce962021-12-22 12:45:42.445root 11241100x80000000000000004023936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266c8a5e41566db42021-12-22 12:45:42.445root 11241100x80000000000000004023937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245fcdf2c2b875cd2021-12-22 12:45:42.445root 11241100x80000000000000004023938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ed4c3922ebde232021-12-22 12:45:42.445root 11241100x80000000000000004023939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820f6f400815f4422021-12-22 12:45:42.445root 11241100x80000000000000004023940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa5003c9257e94b2021-12-22 12:45:42.445root 11241100x80000000000000004023941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04a98130cca39a92021-12-22 12:45:42.445root 11241100x80000000000000004023942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2e9223031c4eb42021-12-22 12:45:42.445root 11241100x80000000000000004023943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aafda87a40ba6432021-12-22 12:45:42.445root 11241100x80000000000000004023944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067dfa9aebb6376e2021-12-22 12:45:42.446root 11241100x80000000000000004023945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f7660f69608b0c2021-12-22 12:45:42.446root 11241100x80000000000000004023946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e16288815d56bca2021-12-22 12:45:42.446root 11241100x80000000000000004023947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57d0ac55ebb1cb62021-12-22 12:45:42.446root 11241100x80000000000000004023948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3dd35452d4ee42021-12-22 12:45:42.447root 11241100x80000000000000004023949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98f4585cddd2382021-12-22 12:45:42.943root 11241100x80000000000000004023950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f2e4c3e13b66982021-12-22 12:45:42.943root 11241100x80000000000000004023951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5114015e3b244a2021-12-22 12:45:42.944root 11241100x80000000000000004023952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f3711f05f881932021-12-22 12:45:42.944root 11241100x80000000000000004023953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef467b8de49a2052021-12-22 12:45:42.944root 11241100x80000000000000004023954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750cad5a51b57cc12021-12-22 12:45:42.944root 11241100x80000000000000004023955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bed1b49e70ee562021-12-22 12:45:42.944root 11241100x80000000000000004023956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234e3fe15621b842021-12-22 12:45:42.944root 11241100x80000000000000004023957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ace7da74f37ae3a2021-12-22 12:45:42.945root 11241100x80000000000000004023958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4132eb3658a76f2021-12-22 12:45:42.945root 11241100x80000000000000004023959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5579ef9e6889eaf12021-12-22 12:45:42.945root 11241100x80000000000000004023960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b429e8d168be9c2021-12-22 12:45:42.945root 11241100x80000000000000004023961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12020a3931ad2ce62021-12-22 12:45:42.945root 11241100x80000000000000004023962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b64edff8db85262021-12-22 12:45:42.945root 11241100x80000000000000004023963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cf981a38a298cb2021-12-22 12:45:42.945root 11241100x80000000000000004023964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92610d56941bd7472021-12-22 12:45:42.945root 11241100x80000000000000004023965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117c77252ea1ae02021-12-22 12:45:42.945root 11241100x80000000000000004023966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0ba72975e585d32021-12-22 12:45:42.946root 11241100x80000000000000004023967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1be5446947eae2a2021-12-22 12:45:42.946root 11241100x80000000000000004023968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01965652dc948fe42021-12-22 12:45:42.946root 11241100x80000000000000004023969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c50ebacd365e5e2021-12-22 12:45:42.946root 11241100x80000000000000004023970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9762b3ca3dc405b62021-12-22 12:45:42.946root 11241100x80000000000000004023971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0314f712f4ceda802021-12-22 12:45:42.946root 11241100x80000000000000004023972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1973d4221b493e1d2021-12-22 12:45:42.946root 11241100x80000000000000004023973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f5f6d23fdbc7f52021-12-22 12:45:42.946root 11241100x80000000000000004023974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b49bc70df4f28f2021-12-22 12:45:43.443root 11241100x80000000000000004023975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346a3b6ae1888bd02021-12-22 12:45:43.443root 11241100x80000000000000004023976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a9d033eb961972021-12-22 12:45:43.443root 11241100x80000000000000004023977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7429c095e1e2dd42021-12-22 12:45:43.443root 11241100x80000000000000004023978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2f54f9ba6e025e2021-12-22 12:45:43.444root 11241100x80000000000000004023979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570fceecf471f8cc2021-12-22 12:45:43.444root 11241100x80000000000000004023980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930202a14e10eb692021-12-22 12:45:43.444root 11241100x80000000000000004023981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091872a46f13ae252021-12-22 12:45:43.444root 11241100x80000000000000004023982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d726c982bfeea62021-12-22 12:45:43.444root 11241100x80000000000000004023983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7a2a6bc9a459312021-12-22 12:45:43.445root 11241100x80000000000000004023984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b51576224fd1e2021-12-22 12:45:43.445root 11241100x80000000000000004023985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce0b3bb3341bcf12021-12-22 12:45:43.445root 11241100x80000000000000004023986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef837bdfbbca7deb2021-12-22 12:45:43.445root 11241100x80000000000000004023987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba958bde6996040b2021-12-22 12:45:43.445root 11241100x80000000000000004023988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e497f2139f0dd02021-12-22 12:45:43.445root 11241100x80000000000000004023989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198fdbe144e8a4752021-12-22 12:45:43.445root 11241100x80000000000000004023990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7741b08d65f85dd2021-12-22 12:45:43.445root 11241100x80000000000000004023991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f142d7031af7fb562021-12-22 12:45:43.446root 11241100x80000000000000004023992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc879bd11797572021-12-22 12:45:43.446root 11241100x80000000000000004023993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63382af0cc5b7b732021-12-22 12:45:43.446root 11241100x80000000000000004023994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea8943d1c6b329f2021-12-22 12:45:43.447root 11241100x80000000000000004023995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424345347e84d6462021-12-22 12:45:43.447root 11241100x80000000000000004023996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198dc530eee27bc2021-12-22 12:45:43.447root 11241100x80000000000000004023997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d18ecd25ebf482021-12-22 12:45:43.447root 11241100x80000000000000004023998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d778cc5ad7a62e42021-12-22 12:45:43.447root 11241100x80000000000000004023999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d538be96f2781df2021-12-22 12:45:43.448root 11241100x80000000000000004024000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652dcdafa04a42af2021-12-22 12:45:43.448root 11241100x80000000000000004024001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbe95f9b2e1eb9d2021-12-22 12:45:43.448root 11241100x80000000000000004024002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c639c9408226dedb2021-12-22 12:45:43.945root 11241100x80000000000000004024003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877a804150629b2a2021-12-22 12:45:43.945root 11241100x80000000000000004024004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072794a721d355d2021-12-22 12:45:43.945root 11241100x80000000000000004024005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164ab8b8b5d2e53c2021-12-22 12:45:43.945root 11241100x80000000000000004024006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd8a6b01db569a2021-12-22 12:45:43.945root 11241100x80000000000000004024007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61491f5962e54d2f2021-12-22 12:45:43.946root 11241100x80000000000000004024008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ff71f9b4eb54f2021-12-22 12:45:43.946root 11241100x80000000000000004024009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cafc11efdb7ba3f2021-12-22 12:45:43.946root 11241100x80000000000000004024010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fddf1a60f312002021-12-22 12:45:43.946root 11241100x80000000000000004024011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288da3fe201322d2021-12-22 12:45:43.946root 11241100x80000000000000004024012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fb8eb010e4733b2021-12-22 12:45:43.946root 11241100x80000000000000004024013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ac41524eb5dbd22021-12-22 12:45:43.946root 11241100x80000000000000004024014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5df7d11cf4aaa62021-12-22 12:45:43.947root 11241100x80000000000000004024015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1972552863ced352021-12-22 12:45:43.947root 11241100x80000000000000004024016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12ddcaa97a2d6032021-12-22 12:45:43.947root 11241100x80000000000000004024017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458f283e7c8104212021-12-22 12:45:43.947root 11241100x80000000000000004024018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487dc325a92629542021-12-22 12:45:43.947root 11241100x80000000000000004024019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a414c5c7662ca2021-12-22 12:45:43.947root 11241100x80000000000000004024020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52db8912eb7dcecf2021-12-22 12:45:43.948root 11241100x80000000000000004024021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92835717eae5e3962021-12-22 12:45:43.948root 11241100x80000000000000004024022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d7cf4a31292a002021-12-22 12:45:43.948root 11241100x80000000000000004024023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5024edf73e6470f2021-12-22 12:45:43.948root 11241100x80000000000000004024024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b31b44eabf99a62021-12-22 12:45:43.948root 11241100x80000000000000004024025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c952007ddf27452021-12-22 12:45:43.948root 11241100x80000000000000004024026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b99c723972d55462021-12-22 12:45:43.948root 11241100x80000000000000004024027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578abe4e129998d2021-12-22 12:45:43.949root 11241100x80000000000000004024028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc894d6932a90a72021-12-22 12:45:43.949root 354300x80000000000000004024029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.030{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56870-false10.0.1.12-8000- 11241100x80000000000000004024030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294892c853267dc02021-12-22 12:45:44.443root 11241100x80000000000000004024031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e11e907f696124a2021-12-22 12:45:44.443root 11241100x80000000000000004024032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712f3b7baaa1fa082021-12-22 12:45:44.444root 11241100x80000000000000004024033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a8975b77e99ef2021-12-22 12:45:44.444root 11241100x80000000000000004024034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc78d8a6c201c3a2021-12-22 12:45:44.444root 11241100x80000000000000004024035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11ab46f205f63ff2021-12-22 12:45:44.444root 11241100x80000000000000004024036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12586891a9cdf0ef2021-12-22 12:45:44.445root 11241100x80000000000000004024037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034fca505db4b7302021-12-22 12:45:44.445root 11241100x80000000000000004024038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ab7ce451fc54f42021-12-22 12:45:44.445root 11241100x80000000000000004024039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c73d374f642d722021-12-22 12:45:44.445root 11241100x80000000000000004024040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28de171e059760522021-12-22 12:45:44.446root 11241100x80000000000000004024041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f735e4c0463e63ed2021-12-22 12:45:44.446root 11241100x80000000000000004024042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f5f7895e722e862021-12-22 12:45:44.446root 11241100x80000000000000004024043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e3baf929355932021-12-22 12:45:44.446root 11241100x80000000000000004024044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb5593c50c3a3e2021-12-22 12:45:44.446root 11241100x80000000000000004024045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c9be4b4ecaab02021-12-22 12:45:44.446root 11241100x80000000000000004024046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0236c9d94cbcd3432021-12-22 12:45:44.446root 11241100x80000000000000004024047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5bc07baa0fb24f2021-12-22 12:45:44.446root 11241100x80000000000000004024048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ad27b2942aed02021-12-22 12:45:44.447root 11241100x80000000000000004024049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f7c78485b0c2ee2021-12-22 12:45:44.447root 11241100x80000000000000004024050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bcbc6261880172021-12-22 12:45:44.447root 11241100x80000000000000004024051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11b444d2c332fae2021-12-22 12:45:44.447root 11241100x80000000000000004024052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130ebf17da0ac7562021-12-22 12:45:44.447root 11241100x80000000000000004024053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9dd93ac4705e862021-12-22 12:45:44.447root 11241100x80000000000000004024054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6040122e1a70f7b2021-12-22 12:45:44.447root 11241100x80000000000000004024055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46705ab39b94bdc32021-12-22 12:45:44.448root 11241100x80000000000000004024056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14719875a499f632021-12-22 12:45:44.943root 11241100x80000000000000004024057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeee6319a02d02d2021-12-22 12:45:44.943root 11241100x80000000000000004024058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76d925f36ad3a002021-12-22 12:45:44.944root 11241100x80000000000000004024059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be14d5a0ff7159ba2021-12-22 12:45:44.944root 11241100x80000000000000004024060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf71f59d963cd2d2021-12-22 12:45:44.944root 11241100x80000000000000004024061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ffe247fbd6c0502021-12-22 12:45:44.944root 11241100x80000000000000004024062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3324088b196aa52021-12-22 12:45:44.944root 11241100x80000000000000004024063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731384b9039ad7b02021-12-22 12:45:44.944root 11241100x80000000000000004024064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f96e304901b372021-12-22 12:45:44.944root 11241100x80000000000000004024065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b367e58d1852ae22021-12-22 12:45:44.944root 11241100x80000000000000004024066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3cc9e77b1e1712021-12-22 12:45:44.944root 11241100x80000000000000004024067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a924a882df83e03c2021-12-22 12:45:44.945root 11241100x80000000000000004024068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a292b797e9d0834c2021-12-22 12:45:44.945root 11241100x80000000000000004024069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de3f524553e06b52021-12-22 12:45:44.945root 11241100x80000000000000004024070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e01d19fc8cd9ca2021-12-22 12:45:44.945root 11241100x80000000000000004024071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9976d0deaa919dc22021-12-22 12:45:44.945root 11241100x80000000000000004024072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47df9409027a2c632021-12-22 12:45:44.945root 11241100x80000000000000004024073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d0544e577636a42021-12-22 12:45:44.945root 11241100x80000000000000004024074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf981fc2734696ad2021-12-22 12:45:44.945root 11241100x80000000000000004024075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da855678d568ca0f2021-12-22 12:45:44.946root 11241100x80000000000000004024076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8eec3d80d2db502021-12-22 12:45:44.946root 11241100x80000000000000004024077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e9e9b0050c8a372021-12-22 12:45:44.946root 11241100x80000000000000004024078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8542472a256dba2021-12-22 12:45:44.946root 11241100x80000000000000004024079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86778d53c6d257c42021-12-22 12:45:44.946root 11241100x80000000000000004024080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e850cdd56ec0ce2021-12-22 12:45:44.946root 11241100x80000000000000004024081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed9b3af4f7f0552021-12-22 12:45:44.947root 11241100x80000000000000004024082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d774526f1fbbca52021-12-22 12:45:44.947root 11241100x80000000000000004024083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e62a723b0f27f2021-12-22 12:45:44.947root 11241100x80000000000000004024084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29167c1153888d2021-12-22 12:45:44.947root 11241100x80000000000000004024085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72653d60bedeaae32021-12-22 12:45:44.947root 11241100x80000000000000004024086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989460459ff67dd2021-12-22 12:45:44.947root 11241100x80000000000000004024087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff74193eef7d0ff2021-12-22 12:45:44.947root 11241100x80000000000000004024088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e1f64659c450d2021-12-22 12:45:44.947root 11241100x80000000000000004024089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016402ac13fb0cc52021-12-22 12:45:44.947root 11241100x80000000000000004024090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a4d7a8b21b1ba82021-12-22 12:45:45.443root 11241100x80000000000000004024091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508b4051d1f08c52021-12-22 12:45:45.443root 11241100x80000000000000004024092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5ae2ca976bd142021-12-22 12:45:45.443root 11241100x80000000000000004024093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b983193c619f90372021-12-22 12:45:45.444root 11241100x80000000000000004024094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bebc03d6fa360b62021-12-22 12:45:45.444root 11241100x80000000000000004024095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8c61abc1e1de02021-12-22 12:45:45.444root 11241100x80000000000000004024096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda8dca7ca2bd2162021-12-22 12:45:45.444root 11241100x80000000000000004024097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f404d9f0d26141c2021-12-22 12:45:45.444root 11241100x80000000000000004024098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f813d20c97f83dae2021-12-22 12:45:45.444root 11241100x80000000000000004024099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd76b698a66cfc42021-12-22 12:45:45.444root 11241100x80000000000000004024100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89719063fb364cb52021-12-22 12:45:45.445root 11241100x80000000000000004024101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ae758a8fd906f2021-12-22 12:45:45.445root 11241100x80000000000000004024102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feafdce589ef4f3f2021-12-22 12:45:45.445root 11241100x80000000000000004024103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424422b8544967932021-12-22 12:45:45.445root 11241100x80000000000000004024104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c4f9b39fc57a712021-12-22 12:45:45.445root 11241100x80000000000000004024105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466fff565f6a07382021-12-22 12:45:45.445root 11241100x80000000000000004024106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32658d3f114005032021-12-22 12:45:45.445root 11241100x80000000000000004024107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898bc615e24965852021-12-22 12:45:45.446root 11241100x80000000000000004024108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4a0ec9c256d9802021-12-22 12:45:45.446root 11241100x80000000000000004024109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c243cff2bade2b2021-12-22 12:45:45.446root 11241100x80000000000000004024110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54435fc8cbd15c7b2021-12-22 12:45:45.446root 11241100x80000000000000004024111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eb279351a070fc2021-12-22 12:45:45.446root 11241100x80000000000000004024112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e968d661ac2efd02021-12-22 12:45:45.448root 11241100x80000000000000004024113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a72a39ee9ba4aa2021-12-22 12:45:45.448root 11241100x80000000000000004024114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f37eb2d90e26c32021-12-22 12:45:45.448root 11241100x80000000000000004024115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfc9fc9e88863142021-12-22 12:45:45.448root 11241100x80000000000000004024116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530a1a4be5413d752021-12-22 12:45:45.448root 11241100x80000000000000004024117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7de7347f671ec9a2021-12-22 12:45:45.449root 11241100x80000000000000004024118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07c9522126faf8e2021-12-22 12:45:45.943root 11241100x80000000000000004024119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded1af552a9e681d2021-12-22 12:45:45.943root 11241100x80000000000000004024120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218d1fcfabfdec6a2021-12-22 12:45:45.943root 11241100x80000000000000004024121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1baa8a1061408672021-12-22 12:45:45.943root 11241100x80000000000000004024122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b20db40a6a27c2021-12-22 12:45:45.944root 11241100x80000000000000004024123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6299a13335ee7f62021-12-22 12:45:45.944root 11241100x80000000000000004024124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afa2ce4e2f4ab3f2021-12-22 12:45:45.944root 11241100x80000000000000004024125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b5fd75907ad752021-12-22 12:45:45.944root 11241100x80000000000000004024126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115757d90fe2c8c32021-12-22 12:45:45.944root 11241100x80000000000000004024127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f709d94f17bc22172021-12-22 12:45:45.944root 11241100x80000000000000004024128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdc2db2ce6fcc612021-12-22 12:45:45.944root 11241100x80000000000000004024129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedf06ce423417c42021-12-22 12:45:45.944root 11241100x80000000000000004024130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9edc6b8c942e8002021-12-22 12:45:45.945root 11241100x80000000000000004024131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f5b73d1c9a14642021-12-22 12:45:45.945root 11241100x80000000000000004024132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1576ef2faf3312912021-12-22 12:45:45.945root 11241100x80000000000000004024133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c93daec0ceb79c2021-12-22 12:45:45.945root 11241100x80000000000000004024134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a11826964e4be8b2021-12-22 12:45:45.945root 11241100x80000000000000004024135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7074033811932a52021-12-22 12:45:45.945root 11241100x80000000000000004024136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce175adb741958a2021-12-22 12:45:45.945root 11241100x80000000000000004024137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b5167c886c0192021-12-22 12:45:45.945root 11241100x80000000000000004024138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f4b9835a436542021-12-22 12:45:45.945root 11241100x80000000000000004024139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067c831067386782021-12-22 12:45:45.945root 11241100x80000000000000004024140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16255a463d21e5b2021-12-22 12:45:45.946root 11241100x80000000000000004024141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44f16fae3eb00592021-12-22 12:45:45.946root 11241100x80000000000000004024142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb69dce37c7ee372021-12-22 12:45:45.947root 11241100x80000000000000004024143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21663135518b03c42021-12-22 12:45:45.947root 11241100x80000000000000004024144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30d8f319d76c09a2021-12-22 12:45:45.947root 11241100x80000000000000004024145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c45218da3f745c2021-12-22 12:45:46.443root 11241100x80000000000000004024146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf8d372ddec7832021-12-22 12:45:46.443root 11241100x80000000000000004024147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd4dbd4c48655ff2021-12-22 12:45:46.443root 11241100x80000000000000004024148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2dfc59526247bf2021-12-22 12:45:46.443root 11241100x80000000000000004024149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999e89a62f7982d2021-12-22 12:45:46.444root 11241100x80000000000000004024150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72f8352144f67d2021-12-22 12:45:46.444root 11241100x80000000000000004024151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc2d66a410743ac2021-12-22 12:45:46.444root 11241100x80000000000000004024152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4f5d4bff6a4ed32021-12-22 12:45:46.444root 11241100x80000000000000004024153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273546ede50f232f2021-12-22 12:45:46.444root 11241100x80000000000000004024154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaae6b544f2c8882021-12-22 12:45:46.444root 11241100x80000000000000004024155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6ca64af8c01bfe2021-12-22 12:45:46.444root 11241100x80000000000000004024156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a1a9d1553a6a72021-12-22 12:45:46.444root 11241100x80000000000000004024157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fc9ca51301f5122021-12-22 12:45:46.444root 11241100x80000000000000004024158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2317b7f095c3200f2021-12-22 12:45:46.444root 11241100x80000000000000004024159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4461511b7ea6947c2021-12-22 12:45:46.444root 11241100x80000000000000004024160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed455dfe7f032ff2021-12-22 12:45:46.444root 11241100x80000000000000004024161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b525f48ae896a12021-12-22 12:45:46.444root 11241100x80000000000000004024162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d239fa7321d3f2f2021-12-22 12:45:46.445root 11241100x80000000000000004024163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6a3046fd7f199e2021-12-22 12:45:46.445root 11241100x80000000000000004024164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb22d68175d9f42021-12-22 12:45:46.445root 11241100x80000000000000004024165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0301fc4385804b2021-12-22 12:45:46.445root 11241100x80000000000000004024166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c116b63267f562021-12-22 12:45:46.445root 11241100x80000000000000004024167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb6423d3c864c472021-12-22 12:45:46.445root 11241100x80000000000000004024168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eeab6e0b5f08802021-12-22 12:45:46.446root 11241100x80000000000000004024169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a07993f4e05f1a62021-12-22 12:45:46.446root 11241100x80000000000000004024170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc052bad58883c82021-12-22 12:45:46.446root 11241100x80000000000000004024171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572c183ee0d8d0522021-12-22 12:45:46.943root 11241100x80000000000000004024172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c542562ac958212021-12-22 12:45:46.943root 11241100x80000000000000004024173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69cb9ff17b4e882021-12-22 12:45:46.943root 11241100x80000000000000004024174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abf67d43fc26782021-12-22 12:45:46.943root 11241100x80000000000000004024175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626aad197fc83cd62021-12-22 12:45:46.943root 11241100x80000000000000004024176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb27e194c39e0aa2021-12-22 12:45:46.943root 11241100x80000000000000004024177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325815a3a05689802021-12-22 12:45:46.943root 11241100x80000000000000004024178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7571fbe0d2e5973f2021-12-22 12:45:46.943root 11241100x80000000000000004024179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa058bac69052482021-12-22 12:45:46.944root 11241100x80000000000000004024180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a14f0d9017981902021-12-22 12:45:46.944root 11241100x80000000000000004024181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e5526fe6ad7aab2021-12-22 12:45:46.944root 11241100x80000000000000004024182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e95518108444d202021-12-22 12:45:46.944root 11241100x80000000000000004024183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384fc1baddd83d0c2021-12-22 12:45:46.945root 11241100x80000000000000004024184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd0c19a09808a312021-12-22 12:45:46.945root 11241100x80000000000000004024185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c1805adf5f7f72021-12-22 12:45:46.945root 11241100x80000000000000004024186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0818e7204f5a76e2021-12-22 12:45:46.945root 11241100x80000000000000004024187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5b74e1e8a6bd412021-12-22 12:45:46.945root 11241100x80000000000000004024188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff66fc5f0331f882021-12-22 12:45:46.946root 11241100x80000000000000004024189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65bdbf65725cda42021-12-22 12:45:46.946root 11241100x80000000000000004024190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f109cd0240d4d352021-12-22 12:45:46.946root 11241100x80000000000000004024191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9eae5affeab8a8f2021-12-22 12:45:46.946root 11241100x80000000000000004024192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1807695dfea8b5a92021-12-22 12:45:46.946root 11241100x80000000000000004024193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f09a560ea4e26522021-12-22 12:45:46.946root 11241100x80000000000000004024194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbb440130c2688f2021-12-22 12:45:46.946root 11241100x80000000000000004024195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6998c41f73f1e66c2021-12-22 12:45:46.946root 11241100x80000000000000004024196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42aa01309bc2e852021-12-22 12:45:46.947root 11241100x80000000000000004024197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b87f80768ac8112021-12-22 12:45:46.947root 11241100x80000000000000004024198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732cff5568bca3202021-12-22 12:45:46.948root 11241100x80000000000000004024199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da458843918e3ab92021-12-22 12:45:46.948root 11241100x80000000000000004024200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e673758afff86af2021-12-22 12:45:46.948root 11241100x80000000000000004024201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e96c2c6899485bc2021-12-22 12:45:46.949root 11241100x80000000000000004024202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbce638bd82710d72021-12-22 12:45:46.949root 11241100x80000000000000004024203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143e4eee7265cf4a2021-12-22 12:45:46.949root 11241100x80000000000000004024204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db215a76952c917d2021-12-22 12:45:46.949root 11241100x80000000000000004024205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1195e5d4eb06d5d12021-12-22 12:45:46.949root 11241100x80000000000000004024206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d562e96157d796752021-12-22 12:45:46.949root 11241100x80000000000000004024207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4127ec4feb1a168a2021-12-22 12:45:46.950root 11241100x80000000000000004024208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f764be4e6af2422021-12-22 12:45:46.951root 11241100x80000000000000004024209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ddb59897e3cba2021-12-22 12:45:47.442root 11241100x80000000000000004024210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdadf0ddbd210672021-12-22 12:45:47.443root 11241100x80000000000000004024211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab80665d10646e02021-12-22 12:45:47.443root 11241100x80000000000000004024212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12af024e0f41f6df2021-12-22 12:45:47.443root 11241100x80000000000000004024213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eed443944d45aa2021-12-22 12:45:47.443root 11241100x80000000000000004024214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96d0bdf6c640f202021-12-22 12:45:47.444root 11241100x80000000000000004024215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb322f3f2b3c01b2021-12-22 12:45:47.444root 11241100x80000000000000004024216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d896c64914348402021-12-22 12:45:47.444root 11241100x80000000000000004024217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ced7cae967ebc7c2021-12-22 12:45:47.444root 11241100x80000000000000004024218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa57acd0bcb3d12021-12-22 12:45:47.445root 11241100x80000000000000004024219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b3363ee095b112021-12-22 12:45:47.445root 11241100x80000000000000004024220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d0a3d4575a39162021-12-22 12:45:47.445root 11241100x80000000000000004024221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da369f71f887a0712021-12-22 12:45:47.445root 11241100x80000000000000004024222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f1699f0fe13442021-12-22 12:45:47.445root 11241100x80000000000000004024223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb13f0e6514103a12021-12-22 12:45:47.446root 11241100x80000000000000004024224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b846edfff4255db22021-12-22 12:45:47.446root 11241100x80000000000000004024225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f29d560a365faf2021-12-22 12:45:47.446root 11241100x80000000000000004024226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8da91967817852021-12-22 12:45:47.446root 11241100x80000000000000004024227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6607f40ede3f0a322021-12-22 12:45:47.446root 11241100x80000000000000004024228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25a185fdb1ef5b22021-12-22 12:45:47.446root 11241100x80000000000000004024229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb61c94896367392021-12-22 12:45:47.446root 11241100x80000000000000004024230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f3b5552ce8ee72021-12-22 12:45:47.447root 11241100x80000000000000004024231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0359dbbf72fa62021-12-22 12:45:47.447root 11241100x80000000000000004024232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06968fbcd56f6b22021-12-22 12:45:47.447root 11241100x80000000000000004024233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7184211f48c7c7ac2021-12-22 12:45:47.447root 11241100x80000000000000004024234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9f2425fb6d998d2021-12-22 12:45:47.447root 11241100x80000000000000004024235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8352c59d646e0f2021-12-22 12:45:47.447root 11241100x80000000000000004024236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707155d3ec7cb1552021-12-22 12:45:47.448root 11241100x80000000000000004024237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6bb2d3e36e4f582021-12-22 12:45:47.448root 11241100x80000000000000004024238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50581e630940b6db2021-12-22 12:45:47.448root 11241100x80000000000000004024239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9db3b65e4f4f932021-12-22 12:45:47.448root 11241100x80000000000000004024240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48c7b02b072a82e2021-12-22 12:45:47.943root 11241100x80000000000000004024241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024131aad780fbb42021-12-22 12:45:47.943root 11241100x80000000000000004024242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e8a35ffa1e5c02021-12-22 12:45:47.943root 11241100x80000000000000004024243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e450e8e0e2ee6e92021-12-22 12:45:47.944root 11241100x80000000000000004024244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e07a23da54d83c52021-12-22 12:45:47.944root 11241100x80000000000000004024245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd9694843adc23a2021-12-22 12:45:47.944root 11241100x80000000000000004024246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff496f2c09e99002021-12-22 12:45:47.944root 11241100x80000000000000004024247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8eaaa81b70bbfd2021-12-22 12:45:47.944root 11241100x80000000000000004024248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d69210735096f8a2021-12-22 12:45:47.944root 11241100x80000000000000004024249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a98c25b48c3d102021-12-22 12:45:47.945root 11241100x80000000000000004024250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb38929be5d62402021-12-22 12:45:47.945root 11241100x80000000000000004024251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2e16b7783e20452021-12-22 12:45:47.945root 11241100x80000000000000004024252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6931c1d4b5e86f2021-12-22 12:45:47.945root 11241100x80000000000000004024253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc95a958d54638db2021-12-22 12:45:47.945root 11241100x80000000000000004024254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b38053bddb26292021-12-22 12:45:47.945root 11241100x80000000000000004024255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a36054d83f18422021-12-22 12:45:47.946root 11241100x80000000000000004024256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac025798a48ad392021-12-22 12:45:47.946root 11241100x80000000000000004024257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0904215ffbbee3982021-12-22 12:45:47.946root 11241100x80000000000000004024258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59100cfc78b059ec2021-12-22 12:45:47.946root 11241100x80000000000000004024259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc307daaf1f837b32021-12-22 12:45:47.946root 11241100x80000000000000004024260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11adbebc273c205b2021-12-22 12:45:47.946root 11241100x80000000000000004024261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3e4ecd2d6e43e2021-12-22 12:45:47.946root 11241100x80000000000000004024262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817bebcb7300fc402021-12-22 12:45:47.947root 11241100x80000000000000004024263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf85a2bd94d5a0492021-12-22 12:45:47.947root 11241100x80000000000000004024264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb006ab3c2db9682021-12-22 12:45:47.947root 11241100x80000000000000004024265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938ac90f291e2da42021-12-22 12:45:47.947root 11241100x80000000000000004024266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e03ea8215bf72c2021-12-22 12:45:48.443root 11241100x80000000000000004024267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347cdd711290b6ee2021-12-22 12:45:48.443root 11241100x80000000000000004024268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5de978fb35d92e32021-12-22 12:45:48.443root 11241100x80000000000000004024269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace5ffa0259f97742021-12-22 12:45:48.444root 11241100x80000000000000004024270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3236bec03df65132021-12-22 12:45:48.444root 11241100x80000000000000004024271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a630aa40a65202d2021-12-22 12:45:48.444root 11241100x80000000000000004024272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce971dcd1b02cd72021-12-22 12:45:48.444root 11241100x80000000000000004024273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28bda4c20f0b3c52021-12-22 12:45:48.444root 11241100x80000000000000004024274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7b905f14b264b2021-12-22 12:45:48.444root 11241100x80000000000000004024275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67860c4db5175fe12021-12-22 12:45:48.444root 11241100x80000000000000004024276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e381594f850912e2021-12-22 12:45:48.444root 11241100x80000000000000004024277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e139a200244e412021-12-22 12:45:48.444root 11241100x80000000000000004024278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a96c520b618a52021-12-22 12:45:48.445root 11241100x80000000000000004024279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726441e69f9e88e62021-12-22 12:45:48.445root 11241100x80000000000000004024280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c85016cb254344a2021-12-22 12:45:48.445root 11241100x80000000000000004024281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf31c16897527622021-12-22 12:45:48.445root 11241100x80000000000000004024282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b7a479466a20392021-12-22 12:45:48.445root 11241100x80000000000000004024283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf38b5b041137b2021-12-22 12:45:48.445root 11241100x80000000000000004024284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97137715a417f5b32021-12-22 12:45:48.446root 11241100x80000000000000004024285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc186106f84f5be12021-12-22 12:45:48.446root 11241100x80000000000000004024286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7fb104deec28fc2021-12-22 12:45:48.446root 11241100x80000000000000004024287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a16e43fd815c1912021-12-22 12:45:48.446root 11241100x80000000000000004024288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ded2f45d480ad72021-12-22 12:45:48.447root 11241100x80000000000000004024289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a16510b31f2282021-12-22 12:45:48.447root 11241100x80000000000000004024290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d956b03ffd41cb2021-12-22 12:45:48.447root 11241100x80000000000000004024291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8833992d85923a72021-12-22 12:45:48.448root 11241100x80000000000000004024292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4416a6371334922021-12-22 12:45:48.943root 11241100x80000000000000004024293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440bc5688eda43e2021-12-22 12:45:48.943root 11241100x80000000000000004024294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012822ef9fc566582021-12-22 12:45:48.943root 11241100x80000000000000004024295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58113cf3b88ab1c2021-12-22 12:45:48.943root 11241100x80000000000000004024296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94df4e11449638812021-12-22 12:45:48.944root 11241100x80000000000000004024297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9317e6abc70a4842021-12-22 12:45:48.944root 11241100x80000000000000004024298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03d0c146562ebf2021-12-22 12:45:48.944root 11241100x80000000000000004024299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd19e4289d39e3e62021-12-22 12:45:48.944root 11241100x80000000000000004024300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa857e7d35051212021-12-22 12:45:48.944root 11241100x80000000000000004024301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a68ccfc63043ed2021-12-22 12:45:48.944root 11241100x80000000000000004024302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79df0d7d47a691c2021-12-22 12:45:48.944root 11241100x80000000000000004024303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d9889923a8e1092021-12-22 12:45:48.944root 11241100x80000000000000004024304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90cf724dd9739f62021-12-22 12:45:48.944root 11241100x80000000000000004024305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f49c203a515b14d2021-12-22 12:45:48.944root 11241100x80000000000000004024306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8cef40f808ae912021-12-22 12:45:48.944root 11241100x80000000000000004024307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876ece46ffd2239a2021-12-22 12:45:48.945root 11241100x80000000000000004024308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d49999f82c99942021-12-22 12:45:48.945root 11241100x80000000000000004024309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00741639758f23932021-12-22 12:45:48.945root 11241100x80000000000000004024310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ccac7d4660cb242021-12-22 12:45:48.945root 11241100x80000000000000004024311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c94883e56c14dfe2021-12-22 12:45:48.946root 11241100x80000000000000004024312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05597c21242d7db92021-12-22 12:45:48.946root 11241100x80000000000000004024313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded638f35bd60f212021-12-22 12:45:48.946root 11241100x80000000000000004024314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de53368a7e7e832021-12-22 12:45:48.946root 11241100x80000000000000004024315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd8be94978677b32021-12-22 12:45:48.946root 11241100x80000000000000004024316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c266143ef2f452021-12-22 12:45:48.947root 11241100x80000000000000004024317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eb8addbecba2732021-12-22 12:45:48.948root 11241100x80000000000000004024318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5d914fe13f4e482021-12-22 12:45:48.949root 11241100x80000000000000004024319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433ede13fe14baab2021-12-22 12:45:48.949root 11241100x80000000000000004024320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8042fb90f9ff29e82021-12-22 12:45:48.949root 354300x80000000000000004024321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.195{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56872-false10.0.1.12-8000- 11241100x80000000000000004024322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065434c5c1a01162021-12-22 12:45:49.196root 11241100x80000000000000004024323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7d88c68d20996e2021-12-22 12:45:49.196root 11241100x80000000000000004024324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa2da9fa3ae43e82021-12-22 12:45:49.196root 11241100x80000000000000004024325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47bd7b895c850d72021-12-22 12:45:49.196root 11241100x80000000000000004024326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9a94c2365847bb2021-12-22 12:45:49.196root 11241100x80000000000000004024327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea425a2deaf2f052021-12-22 12:45:49.196root 11241100x80000000000000004024328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c74322b5e751d662021-12-22 12:45:49.196root 11241100x80000000000000004024329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa6b8a2db375ff92021-12-22 12:45:49.196root 11241100x80000000000000004024330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d8ef7b513e6d02021-12-22 12:45:49.196root 11241100x80000000000000004024331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b01800b76890602021-12-22 12:45:49.196root 11241100x80000000000000004024332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbee337653dd60bf2021-12-22 12:45:49.197root 11241100x80000000000000004024333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dc02778908f6832021-12-22 12:45:49.197root 11241100x80000000000000004024334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3042eeffdb5707442021-12-22 12:45:49.197root 11241100x80000000000000004024335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de3f9bbed329872021-12-22 12:45:49.197root 11241100x80000000000000004024336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef56c477d0a16322021-12-22 12:45:49.197root 11241100x80000000000000004024337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddf9fe7fa300b942021-12-22 12:45:49.197root 11241100x80000000000000004024338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff5a48b57b99fae2021-12-22 12:45:49.197root 11241100x80000000000000004024339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f5ca7a2841a19f2021-12-22 12:45:49.197root 11241100x80000000000000004024340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab55a49edae8e0c22021-12-22 12:45:49.197root 11241100x80000000000000004024341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a7a19de90b81df2021-12-22 12:45:49.197root 11241100x80000000000000004024342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a0f39346f5b3812021-12-22 12:45:49.197root 11241100x80000000000000004024343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9fe4c430bacaf62021-12-22 12:45:49.197root 11241100x80000000000000004024344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d416a6bf3a50a4d2021-12-22 12:45:49.197root 11241100x80000000000000004024345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8c201e6841e5f52021-12-22 12:45:49.197root 11241100x80000000000000004024346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6475519eac3637172021-12-22 12:45:49.197root 11241100x80000000000000004024347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a28440c0c04932021-12-22 12:45:49.197root 11241100x80000000000000004024348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf2a1caf8a48e622021-12-22 12:45:49.198root 11241100x80000000000000004024349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879bb982aefabc92021-12-22 12:45:49.693root 11241100x80000000000000004024350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6aab38cecc25752021-12-22 12:45:49.694root 11241100x80000000000000004024351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cd8b25cee15caf2021-12-22 12:45:49.694root 11241100x80000000000000004024352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c05982afd8ec82021-12-22 12:45:49.694root 11241100x80000000000000004024353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be67d91bdde6f9dd2021-12-22 12:45:49.694root 11241100x80000000000000004024354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0c5caae7f8a0162021-12-22 12:45:49.695root 11241100x80000000000000004024355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5f10f16ef9b9d2021-12-22 12:45:49.695root 11241100x80000000000000004024356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bd4d2317ae2ccb2021-12-22 12:45:49.695root 11241100x80000000000000004024357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbed83d049edc972021-12-22 12:45:49.695root 11241100x80000000000000004024358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b256276651354c2021-12-22 12:45:49.696root 11241100x80000000000000004024359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77573f7adc9805e22021-12-22 12:45:49.696root 11241100x80000000000000004024360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989347d4a959ddfc2021-12-22 12:45:49.696root 11241100x80000000000000004024361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa9bd1cd254f42d2021-12-22 12:45:49.696root 11241100x80000000000000004024362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262b2215d9207f352021-12-22 12:45:49.696root 11241100x80000000000000004024363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ff2cc9bd944b9d2021-12-22 12:45:49.697root 11241100x80000000000000004024364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c338772d74b7252021-12-22 12:45:49.697root 11241100x80000000000000004024365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e1bfd65458af0c2021-12-22 12:45:49.697root 11241100x80000000000000004024366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512e5be999294c072021-12-22 12:45:49.697root 11241100x80000000000000004024367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63e31f8d4d9f262021-12-22 12:45:49.697root 11241100x80000000000000004024368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4488810ae48fe72021-12-22 12:45:49.697root 11241100x80000000000000004024369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c875b9a7fbf7da502021-12-22 12:45:49.697root 11241100x80000000000000004024370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c2c045761717022021-12-22 12:45:49.698root 11241100x80000000000000004024371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5744b7e79bf1b2021-12-22 12:45:49.698root 11241100x80000000000000004024372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff5e25ef6d16d632021-12-22 12:45:49.698root 11241100x80000000000000004024373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836de9f7f08a3d022021-12-22 12:45:49.698root 11241100x80000000000000004024374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72e2e5bb49d908d2021-12-22 12:45:49.698root 11241100x80000000000000004024375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564ecae012c6fe92021-12-22 12:45:49.698root 11241100x80000000000000004024376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5616b8835f1bc02021-12-22 12:45:50.193root 11241100x80000000000000004024377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f8f9ef4b810c62021-12-22 12:45:50.193root 11241100x80000000000000004024378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971e6f09fe1fff472021-12-22 12:45:50.194root 11241100x80000000000000004024379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3719755c5f75c2021-12-22 12:45:50.194root 11241100x80000000000000004024380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bf56f7d4bbb2492021-12-22 12:45:50.194root 11241100x80000000000000004024381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca8319517f398102021-12-22 12:45:50.195root 11241100x80000000000000004024382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c423c17347d861dc2021-12-22 12:45:50.195root 11241100x80000000000000004024383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2810ba04d354a4f2021-12-22 12:45:50.195root 11241100x80000000000000004024384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b435d93b522709b2021-12-22 12:45:50.195root 11241100x80000000000000004024385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34c4d3a3dd107452021-12-22 12:45:50.196root 11241100x80000000000000004024386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869a49f6c3fa0ae2021-12-22 12:45:50.196root 11241100x80000000000000004024387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34522e30e6d747a82021-12-22 12:45:50.196root 11241100x80000000000000004024388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc03bfddcd57652021-12-22 12:45:50.196root 11241100x80000000000000004024389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f157d618c6a0a2021-12-22 12:45:50.196root 11241100x80000000000000004024390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b6d448fc96aae2021-12-22 12:45:50.196root 11241100x80000000000000004024391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa39c7447dc8572021-12-22 12:45:50.197root 11241100x80000000000000004024392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f081eb45a1ed3bdb2021-12-22 12:45:50.197root 11241100x80000000000000004024393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7993bd1194809a12021-12-22 12:45:50.197root 11241100x80000000000000004024394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3816f3af9570a14d2021-12-22 12:45:50.197root 11241100x80000000000000004024395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b71348162c861c2021-12-22 12:45:50.197root 11241100x80000000000000004024396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5765e3009dfe3da2021-12-22 12:45:50.197root 11241100x80000000000000004024397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302c70c32620bc2f2021-12-22 12:45:50.197root 11241100x80000000000000004024398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5461d15e92e52b82021-12-22 12:45:50.198root 11241100x80000000000000004024399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f084ea0c206da2021-12-22 12:45:50.198root 11241100x80000000000000004024400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d436df325ee3672021-12-22 12:45:50.198root 11241100x80000000000000004024401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eb496c9fa7ac132021-12-22 12:45:50.198root 11241100x80000000000000004024402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3730554c68ce9d652021-12-22 12:45:50.198root 11241100x80000000000000004024403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04052609e521da712021-12-22 12:45:50.198root 11241100x80000000000000004024404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331652319cd17cbf2021-12-22 12:45:50.198root 11241100x80000000000000004024405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0422915eac11de2021-12-22 12:45:50.693root 11241100x80000000000000004024406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39de140708fb5822021-12-22 12:45:50.693root 11241100x80000000000000004024407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2c439b619af9ee2021-12-22 12:45:50.693root 11241100x80000000000000004024408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc0c1e1c85a49172021-12-22 12:45:50.693root 11241100x80000000000000004024409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a86c8685e2ebb92021-12-22 12:45:50.693root 11241100x80000000000000004024410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7e2a3a4a2b30202021-12-22 12:45:50.693root 11241100x80000000000000004024411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c05504432b52c852021-12-22 12:45:50.693root 11241100x80000000000000004024412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c64a75d2b61a9e82021-12-22 12:45:50.693root 11241100x80000000000000004024413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19e776d8410eb82021-12-22 12:45:50.694root 11241100x80000000000000004024414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330b6ea0aefb168b2021-12-22 12:45:50.694root 11241100x80000000000000004024415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be24ae5eb2932e2021-12-22 12:45:50.694root 11241100x80000000000000004024416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a558f81e8474e2021-12-22 12:45:50.694root 11241100x80000000000000004024417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895250523d95c6cb2021-12-22 12:45:50.694root 11241100x80000000000000004024418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bc20af14289e042021-12-22 12:45:50.694root 11241100x80000000000000004024419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d020d41d4832950f2021-12-22 12:45:50.695root 11241100x80000000000000004024420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0c3630aed2ac132021-12-22 12:45:50.695root 11241100x80000000000000004024421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a64daf5043ca3e2021-12-22 12:45:50.696root 11241100x80000000000000004024422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a8bc9bb6bdc862021-12-22 12:45:50.696root 11241100x80000000000000004024423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff4cbb730470362021-12-22 12:45:50.696root 11241100x80000000000000004024424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6a2705e0c631002021-12-22 12:45:50.697root 11241100x80000000000000004024425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17e36ba4fc73f602021-12-22 12:45:50.697root 11241100x80000000000000004024426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e21b97fefcccaf2021-12-22 12:45:50.698root 11241100x80000000000000004024427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49ced044432e6902021-12-22 12:45:50.698root 11241100x80000000000000004024428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1910ea044ecd2cd12021-12-22 12:45:50.698root 11241100x80000000000000004024429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde91ab8f89a27892021-12-22 12:45:50.699root 11241100x80000000000000004024430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd0ae38fe1374a2021-12-22 12:45:50.699root 11241100x80000000000000004024431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b084f11ebf8281002021-12-22 12:45:50.699root 11241100x80000000000000004024432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd57de0bf3e6daf2021-12-22 12:45:50.699root 11241100x80000000000000004024433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68048e66d6b6f60e2021-12-22 12:45:50.700root 11241100x80000000000000004024434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535df2d44a49a7fa2021-12-22 12:45:50.700root 11241100x80000000000000004024435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0ea1359f8a9d02021-12-22 12:45:50.700root 11241100x80000000000000004024436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755d08d61b1bfa22021-12-22 12:45:50.700root 11241100x80000000000000004024437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7dab7a6209e572021-12-22 12:45:50.700root 11241100x80000000000000004024438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c3c5615789d0c22021-12-22 12:45:51.194root 11241100x80000000000000004024439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b865f5ae0764c52021-12-22 12:45:51.194root 11241100x80000000000000004024440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fccfbb2be8e80a2021-12-22 12:45:51.194root 11241100x80000000000000004024441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad6fe091a1635282021-12-22 12:45:51.194root 11241100x80000000000000004024442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573910a6573468302021-12-22 12:45:51.194root 11241100x80000000000000004024443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f509d06a74de002021-12-22 12:45:51.194root 11241100x80000000000000004024444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd0f5a2ceff12392021-12-22 12:45:51.195root 11241100x80000000000000004024445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2c29d579ba9e2d2021-12-22 12:45:51.195root 11241100x80000000000000004024446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f804ed3a83f74f2021-12-22 12:45:51.195root 11241100x80000000000000004024447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03572de03fb471b2021-12-22 12:45:51.195root 11241100x80000000000000004024448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4c04d96d680a032021-12-22 12:45:51.195root 11241100x80000000000000004024449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7573ec6d3307922021-12-22 12:45:51.195root 11241100x80000000000000004024450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d96c8c59c4fd2c52021-12-22 12:45:51.195root 11241100x80000000000000004024451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ad0dddfd9ac822021-12-22 12:45:51.197root 11241100x80000000000000004024452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080801bdf1ce0b4b2021-12-22 12:45:51.198root 11241100x80000000000000004024453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fe076ad9ee4e932021-12-22 12:45:51.198root 11241100x80000000000000004024454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b23176103b2ce272021-12-22 12:45:51.198root 11241100x80000000000000004024455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056933782c114732021-12-22 12:45:51.198root 11241100x80000000000000004024456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768f98aee0c18b452021-12-22 12:45:51.198root 11241100x80000000000000004024457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d716b25ba301882021-12-22 12:45:51.199root 11241100x80000000000000004024458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215908255695c03c2021-12-22 12:45:51.199root 11241100x80000000000000004024459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242e438d28efefa2021-12-22 12:45:51.200root 11241100x80000000000000004024460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66659fc1edbcf3392021-12-22 12:45:51.200root 11241100x80000000000000004024461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85df78a522bf5f2021-12-22 12:45:51.201root 11241100x80000000000000004024462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683a2c88e26144f92021-12-22 12:45:51.201root 11241100x80000000000000004024463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7fb0b833a8b6a22021-12-22 12:45:51.203root 11241100x80000000000000004024464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c44f0b4ade31bdb2021-12-22 12:45:51.204root 11241100x80000000000000004024465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f312205861a83872021-12-22 12:45:51.693root 11241100x80000000000000004024466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387fb1c0234c750c2021-12-22 12:45:51.693root 11241100x80000000000000004024467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caabc2c901e7e1d2021-12-22 12:45:51.693root 11241100x80000000000000004024468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0884391074b5b7d2021-12-22 12:45:51.693root 11241100x80000000000000004024469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ff3e17b2af5ff82021-12-22 12:45:51.694root 11241100x80000000000000004024470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a748ca53c413e672021-12-22 12:45:51.694root 11241100x80000000000000004024471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707685b64405252e2021-12-22 12:45:51.694root 11241100x80000000000000004024472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e33cb9aebd6f3b2021-12-22 12:45:51.695root 11241100x80000000000000004024473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef35cfdd3ac5f942021-12-22 12:45:51.695root 11241100x80000000000000004024474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a73793013876232021-12-22 12:45:51.695root 11241100x80000000000000004024475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104e416a9d098c702021-12-22 12:45:51.696root 11241100x80000000000000004024476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be81a332a45fdf32021-12-22 12:45:51.696root 11241100x80000000000000004024477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187c7a944bf7b732021-12-22 12:45:51.696root 11241100x80000000000000004024478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bccc8f5b4d2fde62021-12-22 12:45:51.697root 11241100x80000000000000004024479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca28761abbf0b362021-12-22 12:45:51.697root 11241100x80000000000000004024480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3a2164bc2d04ff2021-12-22 12:45:51.697root 11241100x80000000000000004024481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c3f8c5c94cd81f2021-12-22 12:45:51.698root 11241100x80000000000000004024482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e2db000c1e35362021-12-22 12:45:51.698root 11241100x80000000000000004024483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d098cfab982d4162021-12-22 12:45:51.699root 11241100x80000000000000004024484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa2d4b8159004e82021-12-22 12:45:51.699root 11241100x80000000000000004024485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7733afb24d72bd222021-12-22 12:45:51.700root 11241100x80000000000000004024486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537b6871f6bfd9de2021-12-22 12:45:51.700root 11241100x80000000000000004024487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a66ff409355bf2021-12-22 12:45:51.700root 11241100x80000000000000004024488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b1e8e9ee3c45382021-12-22 12:45:51.701root 11241100x80000000000000004024489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ab0fff67d3cadd2021-12-22 12:45:51.701root 11241100x80000000000000004024490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f176907fd76f1d2021-12-22 12:45:51.701root 11241100x80000000000000004024491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e685f4c54175b9d62021-12-22 12:45:51.701root 11241100x80000000000000004024492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0385bd0815d80ca82021-12-22 12:45:51.701root 11241100x80000000000000004024493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20578b7e16254142021-12-22 12:45:51.702root 11241100x80000000000000004024494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:51.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646476df8e68ffc12021-12-22 12:45:51.702root 11241100x80000000000000004024495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd49acf67949f102021-12-22 12:45:52.193root 11241100x80000000000000004024496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ff9deb7ca64fae2021-12-22 12:45:52.194root 11241100x80000000000000004024497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3101d2eb24595b7a2021-12-22 12:45:52.194root 11241100x80000000000000004024498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4674d13ece89a32021-12-22 12:45:52.194root 11241100x80000000000000004024499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d933955d41c14212021-12-22 12:45:52.194root 11241100x80000000000000004024500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98822da9c6eaf312021-12-22 12:45:52.195root 11241100x80000000000000004024501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c7464add9f6f72021-12-22 12:45:52.195root 11241100x80000000000000004024502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7385de131160a13b2021-12-22 12:45:52.195root 11241100x80000000000000004024503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375fb3377115b9172021-12-22 12:45:52.196root 11241100x80000000000000004024504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44753b9dfc71908f2021-12-22 12:45:52.196root 11241100x80000000000000004024505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13afd03ba04c09272021-12-22 12:45:52.196root 11241100x80000000000000004024506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77930a01371e27a2021-12-22 12:45:52.196root 11241100x80000000000000004024507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0819cbb16e9e642021-12-22 12:45:52.197root 11241100x80000000000000004024508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20e1e8a362eefe2021-12-22 12:45:52.197root 11241100x80000000000000004024509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ac589ba2d069852021-12-22 12:45:52.197root 11241100x80000000000000004024510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9459bfde6237812d2021-12-22 12:45:52.197root 11241100x80000000000000004024511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685014754fdc71872021-12-22 12:45:52.197root 11241100x80000000000000004024512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17da95832363c3c2021-12-22 12:45:52.197root 11241100x80000000000000004024513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1391f3793f7a0ced2021-12-22 12:45:52.197root 11241100x80000000000000004024514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bdc7d31631bce32021-12-22 12:45:52.198root 11241100x80000000000000004024515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8bba62b506fcc82021-12-22 12:45:52.198root 11241100x80000000000000004024516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac9d87d15eaf2732021-12-22 12:45:52.198root 11241100x80000000000000004024517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f71efc648a844992021-12-22 12:45:52.198root 11241100x80000000000000004024518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e5fe4343570bef2021-12-22 12:45:52.198root 11241100x80000000000000004024519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ebd6e1493596122021-12-22 12:45:52.198root 11241100x80000000000000004024520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f4640f3ad7b1a2021-12-22 12:45:52.199root 11241100x80000000000000004024521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a4337197c017342021-12-22 12:45:52.199root 11241100x80000000000000004024522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd81c8303e5b1d2021-12-22 12:45:52.693root 11241100x80000000000000004024523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858cce97941feea02021-12-22 12:45:52.693root 11241100x80000000000000004024524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f5e8cb098cf12a2021-12-22 12:45:52.694root 11241100x80000000000000004024525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b138364746f8672021-12-22 12:45:52.694root 11241100x80000000000000004024526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ba3ff3c3b649ae2021-12-22 12:45:52.694root 11241100x80000000000000004024527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027d7a25aad980192021-12-22 12:45:52.694root 11241100x80000000000000004024528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f6e7c6933f84212021-12-22 12:45:52.694root 11241100x80000000000000004024529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c409d89bf5024d2021-12-22 12:45:52.694root 11241100x80000000000000004024530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7184c38cb242792021-12-22 12:45:52.695root 11241100x80000000000000004024531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb682875bfdc5b22021-12-22 12:45:52.695root 11241100x80000000000000004024532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c20a338c77dfd02021-12-22 12:45:52.695root 11241100x80000000000000004024533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56618db5ee1e28f2021-12-22 12:45:52.695root 11241100x80000000000000004024534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5ac4af17444ff22021-12-22 12:45:52.699root 11241100x80000000000000004024535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3811508d8800ea12021-12-22 12:45:52.699root 11241100x80000000000000004024536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff7f2dc30a7cad92021-12-22 12:45:52.699root 11241100x80000000000000004024537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6405e751d53f7c2021-12-22 12:45:52.700root 11241100x80000000000000004024538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f037ae29e1a046e72021-12-22 12:45:52.700root 11241100x80000000000000004024539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5908f6ed0ef0c32021-12-22 12:45:52.700root 11241100x80000000000000004024540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb5b2dca3b944fc2021-12-22 12:45:52.701root 11241100x80000000000000004024541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07069b020df3de92021-12-22 12:45:52.701root 11241100x80000000000000004024542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2f43756d96e7a52021-12-22 12:45:52.701root 11241100x80000000000000004024543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d660acbf591d962021-12-22 12:45:52.702root 11241100x80000000000000004024544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dac198bc68c9bb32021-12-22 12:45:52.702root 11241100x80000000000000004024545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121686cc350b6012021-12-22 12:45:52.703root 11241100x80000000000000004024546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bee47ca37d5070f2021-12-22 12:45:52.703root 11241100x80000000000000004024547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23227f8910f42752021-12-22 12:45:52.704root 11241100x80000000000000004024548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:52.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa08ef2206678f62021-12-22 12:45:52.704root 11241100x80000000000000004024549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a776963c9958dcb72021-12-22 12:45:53.193root 11241100x80000000000000004024550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db4c2ec793557ff2021-12-22 12:45:53.193root 11241100x80000000000000004024551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aab0fed5e5cac5b2021-12-22 12:45:53.193root 11241100x80000000000000004024552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b82598f8034faf2021-12-22 12:45:53.193root 11241100x80000000000000004024553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c1b4b405498a02021-12-22 12:45:53.194root 11241100x80000000000000004024554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1ca208d97b28ec2021-12-22 12:45:53.194root 11241100x80000000000000004024555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1ab7f26502b8962021-12-22 12:45:53.194root 11241100x80000000000000004024556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40f4e88ff12f2b2021-12-22 12:45:53.194root 11241100x80000000000000004024557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ec472687ab8d282021-12-22 12:45:53.194root 11241100x80000000000000004024558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bcc6d2066a3c182021-12-22 12:45:53.194root 11241100x80000000000000004024559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfdb7be35ff129f2021-12-22 12:45:53.194root 11241100x80000000000000004024560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833d0e735d8e85492021-12-22 12:45:53.194root 11241100x80000000000000004024561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205e710cae5f8bdb2021-12-22 12:45:53.194root 11241100x80000000000000004024562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dd5c70e7c38c752021-12-22 12:45:53.195root 11241100x80000000000000004024563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd6d7584a3259652021-12-22 12:45:53.195root 11241100x80000000000000004024564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99d68a0a1aa03d2021-12-22 12:45:53.195root 11241100x80000000000000004024565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe02be29acc14332021-12-22 12:45:53.195root 11241100x80000000000000004024566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8080209239cd3dd2021-12-22 12:45:53.195root 11241100x80000000000000004024567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a667193095cfc2b52021-12-22 12:45:53.196root 11241100x80000000000000004024568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12038025f874fba2021-12-22 12:45:53.196root 11241100x80000000000000004024569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c606b6d55860322021-12-22 12:45:53.196root 11241100x80000000000000004024570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc6cea76b703d9a2021-12-22 12:45:53.196root 11241100x80000000000000004024571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074fef5f4afe92f2021-12-22 12:45:53.197root 11241100x80000000000000004024572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a839145d10b4452021-12-22 12:45:53.197root 11241100x80000000000000004024573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf5bea0ab9b7d6e2021-12-22 12:45:53.197root 11241100x80000000000000004024574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58caf44d3a59a1292021-12-22 12:45:53.197root 11241100x80000000000000004024575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f11d81abc8895692021-12-22 12:45:53.197root 11241100x80000000000000004024576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c16538dd7ee2e2021-12-22 12:45:53.693root 11241100x80000000000000004024577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67fcc128eb439062021-12-22 12:45:53.693root 11241100x80000000000000004024578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbc2a865ef2ae8a2021-12-22 12:45:53.693root 11241100x80000000000000004024579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b60e9e7c6608c2021-12-22 12:45:53.693root 11241100x80000000000000004024580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6378c4376731ea7c2021-12-22 12:45:53.693root 11241100x80000000000000004024581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84283a6ad42374d32021-12-22 12:45:53.693root 11241100x80000000000000004024582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d781a254a9123b92021-12-22 12:45:53.693root 11241100x80000000000000004024583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1cbed4b90d91b82021-12-22 12:45:53.694root 11241100x80000000000000004024584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26da2a07670f142021-12-22 12:45:53.694root 11241100x80000000000000004024585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9073884d5c95fd752021-12-22 12:45:53.694root 11241100x80000000000000004024586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81faf703c0f600402021-12-22 12:45:53.694root 11241100x80000000000000004024587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d291c8a4d5b312021-12-22 12:45:53.694root 11241100x80000000000000004024588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a03c8b8d52c6df2021-12-22 12:45:53.694root 11241100x80000000000000004024589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c381de433afc282021-12-22 12:45:53.694root 11241100x80000000000000004024590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cad6e5f9ea33112021-12-22 12:45:53.695root 11241100x80000000000000004024591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f0615c394099ca2021-12-22 12:45:53.695root 11241100x80000000000000004024592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ef3feccaf679032021-12-22 12:45:53.695root 11241100x80000000000000004024593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb015599309190d42021-12-22 12:45:53.695root 11241100x80000000000000004024594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f646ed019c5dd972021-12-22 12:45:53.695root 11241100x80000000000000004024595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4b19629b5d0f3b2021-12-22 12:45:53.695root 11241100x80000000000000004024596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03bd06f4061fe452021-12-22 12:45:53.695root 11241100x80000000000000004024597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e06836c3d915862021-12-22 12:45:53.695root 11241100x80000000000000004024598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58552ce78115d372021-12-22 12:45:53.696root 11241100x80000000000000004024599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57dbad376ab6b282021-12-22 12:45:53.696root 11241100x80000000000000004024600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874bbbce2a83bb072021-12-22 12:45:53.696root 11241100x80000000000000004024601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f854a54259f9dda62021-12-22 12:45:53.696root 11241100x80000000000000004024602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab4d264e85e72552021-12-22 12:45:53.696root 11241100x80000000000000004024603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f636125a2c7e4d2021-12-22 12:45:53.697root 11241100x80000000000000004024604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a69570d158b862021-12-22 12:45:54.193root 11241100x80000000000000004024605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae26eac0bf74a14f2021-12-22 12:45:54.193root 11241100x80000000000000004024606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858c93191ad750982021-12-22 12:45:54.193root 11241100x80000000000000004024607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6057923901fb89c52021-12-22 12:45:54.193root 11241100x80000000000000004024608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2402865c9794c1e82021-12-22 12:45:54.193root 11241100x80000000000000004024609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb9d1c11eb9cf52021-12-22 12:45:54.194root 11241100x80000000000000004024610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdfbc33c78fdac2021-12-22 12:45:54.194root 11241100x80000000000000004024611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7548e07317257e2021-12-22 12:45:54.194root 11241100x80000000000000004024612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bf37bf497e1d7e2021-12-22 12:45:54.194root 11241100x80000000000000004024613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2543521bb89631242021-12-22 12:45:54.194root 11241100x80000000000000004024614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ea0a4701427fe32021-12-22 12:45:54.194root 11241100x80000000000000004024615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baee3c206456b6462021-12-22 12:45:54.194root 11241100x80000000000000004024616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6033745e46ee102021-12-22 12:45:54.195root 11241100x80000000000000004024617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdb5745daf3c3722021-12-22 12:45:54.195root 11241100x80000000000000004024618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ba6c4647acad7e2021-12-22 12:45:54.195root 11241100x80000000000000004024619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48240567eccec72021-12-22 12:45:54.195root 11241100x80000000000000004024620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2022a1c07c017eac2021-12-22 12:45:54.195root 11241100x80000000000000004024621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba369e085f0da352021-12-22 12:45:54.196root 11241100x80000000000000004024622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc32f81fdb2e77c2021-12-22 12:45:54.197root 11241100x80000000000000004024623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7fd1d779dd7bbc2021-12-22 12:45:54.197root 11241100x80000000000000004024624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e143a92643dc9cc32021-12-22 12:45:54.197root 11241100x80000000000000004024625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b64466fe78905e2021-12-22 12:45:54.197root 11241100x80000000000000004024626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef33331c2c277f2021-12-22 12:45:54.197root 11241100x80000000000000004024627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdde426b6bf62ec2021-12-22 12:45:54.197root 11241100x80000000000000004024628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c67550b65120542021-12-22 12:45:54.197root 11241100x80000000000000004024629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50493e733171c2c22021-12-22 12:45:54.198root 11241100x80000000000000004024630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04217fcfda66bc972021-12-22 12:45:54.198root 11241100x80000000000000004024631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efddbfbb47b0bef2021-12-22 12:45:54.198root 11241100x80000000000000004024632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5249dbb82875dc562021-12-22 12:45:54.198root 11241100x80000000000000004024633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfbad4651c92252021-12-22 12:45:54.198root 11241100x80000000000000004024634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189673fc43b0e5a82021-12-22 12:45:54.198root 11241100x80000000000000004024635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cafae70f17d575d2021-12-22 12:45:54.693root 11241100x80000000000000004024636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6d76cdd0d3dd1b2021-12-22 12:45:54.693root 11241100x80000000000000004024637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382b3a5360ec34082021-12-22 12:45:54.693root 11241100x80000000000000004024638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7272bcab0293ae9d2021-12-22 12:45:54.693root 11241100x80000000000000004024639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2167c3c842356c252021-12-22 12:45:54.693root 11241100x80000000000000004024640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ebec8009744cdb2021-12-22 12:45:54.694root 11241100x80000000000000004024641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ad3db9b9c8d4312021-12-22 12:45:54.694root 11241100x80000000000000004024642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0201393aa073f62021-12-22 12:45:54.694root 11241100x80000000000000004024643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dbeb33b42fa1f52021-12-22 12:45:54.694root 11241100x80000000000000004024644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b895c39c93eacf352021-12-22 12:45:54.694root 11241100x80000000000000004024645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc27128bd945645f2021-12-22 12:45:54.694root 11241100x80000000000000004024646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1d19f0ac7ec8782021-12-22 12:45:54.695root 11241100x80000000000000004024647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2377d0d7b80e6692021-12-22 12:45:54.695root 11241100x80000000000000004024648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc5cbbf3c89d9042021-12-22 12:45:54.695root 11241100x80000000000000004024649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e70fc3ce95f0c82021-12-22 12:45:54.695root 11241100x80000000000000004024650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200cabda95c88efe2021-12-22 12:45:54.695root 11241100x80000000000000004024651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c830725d94a725252021-12-22 12:45:54.695root 11241100x80000000000000004024652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0103a40898e5149c2021-12-22 12:45:54.696root 11241100x80000000000000004024653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1713bdd902e774f72021-12-22 12:45:54.696root 11241100x80000000000000004024654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dd5e3a63b0bb462021-12-22 12:45:54.696root 11241100x80000000000000004024655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb70d00edf33b7852021-12-22 12:45:54.696root 11241100x80000000000000004024656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171c753ab7e6f7022021-12-22 12:45:54.696root 11241100x80000000000000004024657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4165ee11c669c56b2021-12-22 12:45:54.696root 11241100x80000000000000004024658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb98e310451d21e2021-12-22 12:45:54.697root 11241100x80000000000000004024659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32451c3349a060d82021-12-22 12:45:54.697root 11241100x80000000000000004024660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e35ad38d153c8e2021-12-22 12:45:54.697root 11241100x80000000000000004024661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a50c523d127012021-12-22 12:45:54.697root 11241100x80000000000000004024662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b341dcea9b3cd2021-12-22 12:45:54.698root 11241100x80000000000000004024663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201c62c252e92ea2021-12-22 12:45:54.698root 11241100x80000000000000004024664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159644ac6895089e2021-12-22 12:45:54.698root 11241100x80000000000000004024665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf10009fc2ffbbf2021-12-22 12:45:54.698root 11241100x80000000000000004024666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933b8df99e31aa62021-12-22 12:45:54.698root 354300x80000000000000004024667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.112{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56874-false10.0.1.12-8000- 11241100x80000000000000004024668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd89f48ead7a6bda2021-12-22 12:45:55.114root 11241100x80000000000000004024669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd5df18d4440482021-12-22 12:45:55.114root 11241100x80000000000000004024670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec56eeb5dc33512021-12-22 12:45:55.114root 11241100x80000000000000004024671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3e6af512d8553f2021-12-22 12:45:55.114root 11241100x80000000000000004024672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554dc416dd9677ac2021-12-22 12:45:55.115root 11241100x80000000000000004024673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bbe1a29d7fc292021-12-22 12:45:55.115root 11241100x80000000000000004024674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91496d2479a214e12021-12-22 12:45:55.115root 11241100x80000000000000004024675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333377073af24022021-12-22 12:45:55.115root 11241100x80000000000000004024676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c360e2fdd8842572021-12-22 12:45:55.115root 11241100x80000000000000004024677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291805d9709a9da42021-12-22 12:45:55.116root 11241100x80000000000000004024678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7c27d11702d932021-12-22 12:45:55.116root 11241100x80000000000000004024679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d490175a662d08832021-12-22 12:45:55.116root 11241100x80000000000000004024680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d96f646c214df42021-12-22 12:45:55.116root 11241100x80000000000000004024681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07091e7621967adc2021-12-22 12:45:55.116root 11241100x80000000000000004024682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c066a71102a9dff22021-12-22 12:45:55.116root 11241100x80000000000000004024683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d162c298d5595842021-12-22 12:45:55.116root 11241100x80000000000000004024684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330830179bcbcd4c2021-12-22 12:45:55.116root 11241100x80000000000000004024685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3a42ab7400cbb12021-12-22 12:45:55.117root 11241100x80000000000000004024686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acbf4886d4ba5122021-12-22 12:45:55.117root 11241100x80000000000000004024687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb536ab84f2d8da2021-12-22 12:45:55.117root 11241100x80000000000000004024688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e777b3f304f11e2021-12-22 12:45:55.117root 11241100x80000000000000004024689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9577171f2ad00f872021-12-22 12:45:55.117root 11241100x80000000000000004024690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdb0360bbe128552021-12-22 12:45:55.117root 11241100x80000000000000004024691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525bfeb0ab1ab6d32021-12-22 12:45:55.117root 11241100x80000000000000004024692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b2e66f419c3212021-12-22 12:45:55.117root 11241100x80000000000000004024693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945ab2f9e27f5442021-12-22 12:45:55.118root 11241100x80000000000000004024694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63639aa74eb20962021-12-22 12:45:55.118root 11241100x80000000000000004024695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733a6f39adaed82f2021-12-22 12:45:55.118root 11241100x80000000000000004024696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607328391be9f6772021-12-22 12:45:55.443root 11241100x80000000000000004024697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac9f0f4912a0c82021-12-22 12:45:55.443root 11241100x80000000000000004024698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f6a7c3f2ef128b2021-12-22 12:45:55.444root 11241100x80000000000000004024699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce788b9fa75f1a0d2021-12-22 12:45:55.444root 11241100x80000000000000004024700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10088df66b3bf8b52021-12-22 12:45:55.444root 11241100x80000000000000004024701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b76b86fa5e8ce2021-12-22 12:45:55.445root 11241100x80000000000000004024702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9540915c3e37722021-12-22 12:45:55.445root 11241100x80000000000000004024703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3208b3c0ea4ce10f2021-12-22 12:45:55.445root 11241100x80000000000000004024704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aedee7d7f0e57162021-12-22 12:45:55.445root 11241100x80000000000000004024705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21d885ee8427532021-12-22 12:45:55.446root 11241100x80000000000000004024706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8043d6eabb4ee3a2021-12-22 12:45:55.446root 11241100x80000000000000004024707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be5ce1d14e884282021-12-22 12:45:55.446root 11241100x80000000000000004024708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3efb8073228df3f2021-12-22 12:45:55.446root 11241100x80000000000000004024709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b299de50d92e7d482021-12-22 12:45:55.446root 11241100x80000000000000004024710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e87e12e5d2098d2021-12-22 12:45:55.447root 11241100x80000000000000004024711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3756cbda8bb1009c2021-12-22 12:45:55.447root 11241100x80000000000000004024712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd6da9a45507232021-12-22 12:45:55.447root 11241100x80000000000000004024713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a45a43aaad90202021-12-22 12:45:55.447root 11241100x80000000000000004024714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da65f0289eae80112021-12-22 12:45:55.447root 11241100x80000000000000004024715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226c9b852ed3b342021-12-22 12:45:55.447root 11241100x80000000000000004024716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd40f827c0a997e2021-12-22 12:45:55.447root 11241100x80000000000000004024717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3773f4c1669d7dc2021-12-22 12:45:55.448root 11241100x80000000000000004024718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85719a6e871bb6082021-12-22 12:45:55.448root 11241100x80000000000000004024719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba237a57f253fcb2021-12-22 12:45:55.448root 11241100x80000000000000004024720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f874f57a52f3972021-12-22 12:45:55.448root 11241100x80000000000000004024721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b319abe0fd8b43c32021-12-22 12:45:55.448root 11241100x80000000000000004024722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e790c1d1551fb09a2021-12-22 12:45:55.448root 11241100x80000000000000004024723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f131974fdaff3592021-12-22 12:45:55.448root 11241100x80000000000000004024724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f1a1acf94d32892021-12-22 12:45:55.943root 11241100x80000000000000004024725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b1b857335b4da32021-12-22 12:45:55.943root 11241100x80000000000000004024726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63df01764478c3b82021-12-22 12:45:55.943root 11241100x80000000000000004024727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5691519dc7cb2fed2021-12-22 12:45:55.943root 11241100x80000000000000004024728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27f840300d507272021-12-22 12:45:55.943root 11241100x80000000000000004024729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7d93b496d1ece2021-12-22 12:45:55.944root 11241100x80000000000000004024730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23c7ab5fc2441372021-12-22 12:45:55.944root 11241100x80000000000000004024731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63b96d7baf2cbf32021-12-22 12:45:55.944root 11241100x80000000000000004024732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d122ae24fce45d1d2021-12-22 12:45:55.944root 11241100x80000000000000004024733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f0d30750d64a22021-12-22 12:45:55.944root 11241100x80000000000000004024734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94548040bea50fb2021-12-22 12:45:55.944root 11241100x80000000000000004024735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5d28afba150562021-12-22 12:45:55.944root 11241100x80000000000000004024736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad7b5f3719b28ff2021-12-22 12:45:55.945root 11241100x80000000000000004024737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8443c315d035a82021-12-22 12:45:55.945root 11241100x80000000000000004024738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142f078129cbaafd2021-12-22 12:45:55.945root 11241100x80000000000000004024739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3592c720d0f12e0c2021-12-22 12:45:55.945root 11241100x80000000000000004024740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239ff6225c8990262021-12-22 12:45:55.945root 11241100x80000000000000004024741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579186829b0c6532021-12-22 12:45:55.946root 11241100x80000000000000004024742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0a6a7cc5749d02021-12-22 12:45:55.946root 11241100x80000000000000004024743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4f97a0f8ab04f2021-12-22 12:45:55.946root 11241100x80000000000000004024744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e2a4f548ecb56a2021-12-22 12:45:55.947root 11241100x80000000000000004024745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86ce759a9a5ea972021-12-22 12:45:55.947root 11241100x80000000000000004024746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190701831d6f66982021-12-22 12:45:55.947root 11241100x80000000000000004024747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d299bb827b517362021-12-22 12:45:55.947root 11241100x80000000000000004024748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba252551cd89092021-12-22 12:45:55.948root 11241100x80000000000000004024749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0829ea45cdd854a12021-12-22 12:45:55.948root 11241100x80000000000000004024750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b533c610457d4392021-12-22 12:45:55.948root 11241100x80000000000000004024751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968ee000b50c3a032021-12-22 12:45:55.948root 11241100x80000000000000004024752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d3fd0d25e684e52021-12-22 12:45:56.443root 11241100x80000000000000004024753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f19618c282261e2021-12-22 12:45:56.443root 11241100x80000000000000004024754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb02fff6accfcaa12021-12-22 12:45:56.443root 11241100x80000000000000004024755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223541a1e1b826262021-12-22 12:45:56.444root 11241100x80000000000000004024756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bb67080bd5197e2021-12-22 12:45:56.444root 11241100x80000000000000004024757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353240c0e8bf74242021-12-22 12:45:56.444root 11241100x80000000000000004024758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd0cc427d38e832021-12-22 12:45:56.444root 11241100x80000000000000004024759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3bbd257bcc9c62021-12-22 12:45:56.445root 11241100x80000000000000004024760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2df8b76bb019b72021-12-22 12:45:56.445root 11241100x80000000000000004024761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da14b7bee7bc67e62021-12-22 12:45:56.445root 11241100x80000000000000004024762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3eae40c5bc770c2021-12-22 12:45:56.445root 11241100x80000000000000004024763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af56388e70f33cf2021-12-22 12:45:56.445root 11241100x80000000000000004024764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0061001f5bfa842021-12-22 12:45:56.445root 11241100x80000000000000004024765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9603c9f3f4faf2021-12-22 12:45:56.445root 11241100x80000000000000004024766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796c78a1d8c5825c2021-12-22 12:45:56.445root 11241100x80000000000000004024767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a93b090890db7e22021-12-22 12:45:56.446root 11241100x80000000000000004024768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf60ae763e4788f2021-12-22 12:45:56.446root 11241100x80000000000000004024769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8317e1062b8fcf842021-12-22 12:45:56.446root 11241100x80000000000000004024770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2b8f3d3e4ea302021-12-22 12:45:56.446root 11241100x80000000000000004024771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab54c320c84eea42021-12-22 12:45:56.446root 11241100x80000000000000004024772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a715be07cf36352021-12-22 12:45:56.447root 11241100x80000000000000004024773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f657327f26cbfc2021-12-22 12:45:56.447root 11241100x80000000000000004024774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df9160d6ec285be2021-12-22 12:45:56.447root 11241100x80000000000000004024775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6046239afc86a7b2021-12-22 12:45:56.447root 11241100x80000000000000004024776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04c15a95ad7fd5d2021-12-22 12:45:56.448root 11241100x80000000000000004024777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aa41a39f5d89c32021-12-22 12:45:56.449root 11241100x80000000000000004024778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f469c3ab4b7fe51c2021-12-22 12:45:56.449root 11241100x80000000000000004024779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357b6f07a24334e92021-12-22 12:45:56.450root 11241100x80000000000000004024780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92703a6999dbdae42021-12-22 12:45:56.450root 11241100x80000000000000004024781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f09eb64d8ded412021-12-22 12:45:56.450root 11241100x80000000000000004024782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fb828206be46832021-12-22 12:45:56.943root 11241100x80000000000000004024783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8678dc67c3d668b82021-12-22 12:45:56.943root 11241100x80000000000000004024784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5c91cdab22dda2021-12-22 12:45:56.943root 11241100x80000000000000004024785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c310e5f0455ce3b92021-12-22 12:45:56.943root 11241100x80000000000000004024786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b039f76b9ad2ba2021-12-22 12:45:56.944root 11241100x80000000000000004024787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f4a3c4c48fb8b2021-12-22 12:45:56.944root 11241100x80000000000000004024788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb77596eb39b4982021-12-22 12:45:56.944root 11241100x80000000000000004024789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb7680639fe7bf12021-12-22 12:45:56.944root 11241100x80000000000000004024790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82977e859be6dd02021-12-22 12:45:56.944root 11241100x80000000000000004024791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891088ac41cab4e22021-12-22 12:45:56.944root 11241100x80000000000000004024792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b3946da2efb2f12021-12-22 12:45:56.945root 11241100x80000000000000004024793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9455c457d7e037542021-12-22 12:45:56.945root 11241100x80000000000000004024794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22faa964634fede12021-12-22 12:45:56.946root 11241100x80000000000000004024795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e441c1a681cf22021-12-22 12:45:56.946root 11241100x80000000000000004024796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeebfea2b614e5012021-12-22 12:45:56.946root 11241100x80000000000000004024797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd116894872576b72021-12-22 12:45:56.947root 11241100x80000000000000004024798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cbb2e3d873ca0f2021-12-22 12:45:56.947root 11241100x80000000000000004024799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9320d762311f53f2021-12-22 12:45:56.948root 11241100x80000000000000004024800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425d668134dae08d2021-12-22 12:45:56.948root 11241100x80000000000000004024801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d2574d21403922021-12-22 12:45:56.948root 11241100x80000000000000004024802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aab700d88775ac2021-12-22 12:45:56.948root 11241100x80000000000000004024803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979b7760beea6ac62021-12-22 12:45:56.948root 11241100x80000000000000004024804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d499005d3dae22021-12-22 12:45:56.948root 11241100x80000000000000004024805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba75834fcea38d852021-12-22 12:45:56.949root 11241100x80000000000000004024806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c3aa722fb88f522021-12-22 12:45:56.949root 11241100x80000000000000004024807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324b402361e1fbe32021-12-22 12:45:56.949root 11241100x80000000000000004024808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4258de15f1c45ff2021-12-22 12:45:56.949root 11241100x80000000000000004024809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbe1d1ce4d9fd232021-12-22 12:45:56.949root 11241100x80000000000000004024810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6e8c2935a45b442021-12-22 12:45:57.443root 11241100x80000000000000004024811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdb5fa7be0d21432021-12-22 12:45:57.443root 11241100x80000000000000004024812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5744fb3180b6df2021-12-22 12:45:57.443root 11241100x80000000000000004024813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28bf1be862fde22021-12-22 12:45:57.443root 11241100x80000000000000004024814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18624cdf32951dd42021-12-22 12:45:57.444root 11241100x80000000000000004024815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4131804890445ba42021-12-22 12:45:57.444root 11241100x80000000000000004024816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7b7a8c7a30f8d92021-12-22 12:45:57.444root 11241100x80000000000000004024817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099ecc0781b07f982021-12-22 12:45:57.444root 11241100x80000000000000004024818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f67c00a0597444d2021-12-22 12:45:57.444root 11241100x80000000000000004024819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0220c4539227022021-12-22 12:45:57.444root 11241100x80000000000000004024820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5a24b2316ad8a2021-12-22 12:45:57.445root 11241100x80000000000000004024821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4551ff90c679efe82021-12-22 12:45:57.445root 11241100x80000000000000004024822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f99eb48db221ac62021-12-22 12:45:57.445root 11241100x80000000000000004024823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509834122f98203b2021-12-22 12:45:57.445root 11241100x80000000000000004024824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3d06dc9a0b316a2021-12-22 12:45:57.445root 11241100x80000000000000004024825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b43127a55a84a5f2021-12-22 12:45:57.445root 11241100x80000000000000004024826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e90980772062f02021-12-22 12:45:57.446root 11241100x80000000000000004024827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3779ea7cae97ed182021-12-22 12:45:57.446root 11241100x80000000000000004024828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b5ed0b16e61852021-12-22 12:45:57.446root 11241100x80000000000000004024829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b37d9a3284c57f2021-12-22 12:45:57.447root 11241100x80000000000000004024830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d02a252516fe9f2021-12-22 12:45:57.447root 11241100x80000000000000004024831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29151f72aaa69dcc2021-12-22 12:45:57.447root 11241100x80000000000000004024832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189ac0020a5b1e9e2021-12-22 12:45:57.447root 11241100x80000000000000004024833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a0328a30204f252021-12-22 12:45:57.447root 11241100x80000000000000004024834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633f53f7831fd44f2021-12-22 12:45:57.447root 11241100x80000000000000004024835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b0364a68d20af2021-12-22 12:45:57.447root 11241100x80000000000000004024836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec9fc41a2fbedf22021-12-22 12:45:57.447root 11241100x80000000000000004024837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56788c679a5b8882021-12-22 12:45:57.448root 11241100x80000000000000004024838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3465272f74403f22021-12-22 12:45:57.943root 11241100x80000000000000004024839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac1d55081fbdc522021-12-22 12:45:57.943root 11241100x80000000000000004024840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f43d619c0d0c832021-12-22 12:45:57.943root 11241100x80000000000000004024841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f486e0abca742ae22021-12-22 12:45:57.944root 11241100x80000000000000004024842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bea59964fcd7a362021-12-22 12:45:57.944root 11241100x80000000000000004024843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493a82659cfb8ba82021-12-22 12:45:57.944root 11241100x80000000000000004024844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7c3e83b10e29912021-12-22 12:45:57.944root 11241100x80000000000000004024845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f136bf2ae12dccf2021-12-22 12:45:57.945root 11241100x80000000000000004024846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a736be661650af02021-12-22 12:45:57.945root 11241100x80000000000000004024847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1423cf77ed5a1c2021-12-22 12:45:57.945root 11241100x80000000000000004024848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804a33f7efb43ea2021-12-22 12:45:57.945root 11241100x80000000000000004024849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d943250697c40d2021-12-22 12:45:57.945root 11241100x80000000000000004024850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598b686de25d8f0e2021-12-22 12:45:57.946root 11241100x80000000000000004024851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713db6e742c6fc4a2021-12-22 12:45:57.946root 11241100x80000000000000004024852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6411c6435775202021-12-22 12:45:57.947root 11241100x80000000000000004024853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e29afe6e7b93c372021-12-22 12:45:57.947root 11241100x80000000000000004024854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492c913a8f70d3462021-12-22 12:45:57.947root 11241100x80000000000000004024855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f4c583455bc392021-12-22 12:45:57.948root 11241100x80000000000000004024856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa19f3c10cd13f782021-12-22 12:45:57.948root 11241100x80000000000000004024857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4daab68dabd82652021-12-22 12:45:57.948root 11241100x80000000000000004024858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3439aec21730faf82021-12-22 12:45:57.948root 11241100x80000000000000004024859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829bfd8e13bd82002021-12-22 12:45:57.949root 11241100x80000000000000004024860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b29a60d942c7c52021-12-22 12:45:57.949root 11241100x80000000000000004024861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0a0313f314ca42021-12-22 12:45:57.949root 11241100x80000000000000004024862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280c75ca510272ed2021-12-22 12:45:57.949root 11241100x80000000000000004024863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e4670977e35392021-12-22 12:45:57.949root 11241100x80000000000000004024864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a445789bbac9472021-12-22 12:45:57.950root 11241100x80000000000000004024865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc2a719709a97ba2021-12-22 12:45:57.950root 11241100x80000000000000004024866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb2eed822335bce2021-12-22 12:45:57.950root 11241100x80000000000000004024867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea7bca8fffa31372021-12-22 12:45:57.950root 11241100x80000000000000004024868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7217217ce9ecd2c32021-12-22 12:45:58.443root 11241100x80000000000000004024869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e97904d8be1f2d42021-12-22 12:45:58.443root 11241100x80000000000000004024870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90038350d0ea64272021-12-22 12:45:58.443root 11241100x80000000000000004024871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25b73c500499e102021-12-22 12:45:58.444root 11241100x80000000000000004024872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32914885dd9212412021-12-22 12:45:58.444root 11241100x80000000000000004024873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cb35977300d1f2021-12-22 12:45:58.444root 11241100x80000000000000004024874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f085d30737d402021-12-22 12:45:58.444root 11241100x80000000000000004024875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1bd58c780ffdf92021-12-22 12:45:58.444root 11241100x80000000000000004024876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90011b00e17409bc2021-12-22 12:45:58.445root 11241100x80000000000000004024877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49639dc84f10b2172021-12-22 12:45:58.445root 11241100x80000000000000004024878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c5b92b15a7852e2021-12-22 12:45:58.445root 11241100x80000000000000004024879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f10e607816f0ed2021-12-22 12:45:58.445root 11241100x80000000000000004024880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91afb25c3637c0392021-12-22 12:45:58.446root 11241100x80000000000000004024881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c63c110a750c92021-12-22 12:45:58.446root 11241100x80000000000000004024882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d99a8f2b8a8f01c2021-12-22 12:45:58.446root 11241100x80000000000000004024883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82591e7859dc90062021-12-22 12:45:58.446root 11241100x80000000000000004024884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fd6b763aa3b8fc2021-12-22 12:45:58.447root 11241100x80000000000000004024885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb11c42183ad282021-12-22 12:45:58.447root 11241100x80000000000000004024886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808081300757c8f12021-12-22 12:45:58.447root 11241100x80000000000000004024887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22dffee430cef122021-12-22 12:45:58.447root 11241100x80000000000000004024888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b51e54ecaa14a962021-12-22 12:45:58.448root 11241100x80000000000000004024889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7befd6ef849cc52021-12-22 12:45:58.448root 11241100x80000000000000004024890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d136ec14ee7044c2021-12-22 12:45:58.448root 11241100x80000000000000004024891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22db4bdd39047f672021-12-22 12:45:58.448root 11241100x80000000000000004024892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbed58a1565974c82021-12-22 12:45:58.448root 11241100x80000000000000004024893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b71a1ad1620cba2021-12-22 12:45:58.449root 11241100x80000000000000004024894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8ab380fc93494a2021-12-22 12:45:58.449root 11241100x80000000000000004024895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d27ecd61c2ab53c2021-12-22 12:45:58.449root 11241100x80000000000000004024896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f69220d4ad79c62021-12-22 12:45:58.449root 11241100x80000000000000004024897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff2b7a026ebab42021-12-22 12:45:58.449root 11241100x80000000000000004024898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6eb39aeb69a7c82021-12-22 12:45:58.943root 11241100x80000000000000004024899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211c453f476f96c2021-12-22 12:45:58.943root 11241100x80000000000000004024900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d5d6dd005ddd82021-12-22 12:45:58.943root 11241100x80000000000000004024901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31736c1d5c85f6a42021-12-22 12:45:58.944root 11241100x80000000000000004024902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b0a505e74fd7392021-12-22 12:45:58.944root 11241100x80000000000000004024903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aff2cf511b1cc2021-12-22 12:45:58.944root 11241100x80000000000000004024904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b880dbece09aab92021-12-22 12:45:58.944root 11241100x80000000000000004024905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1a94cce54fe10b2021-12-22 12:45:58.944root 11241100x80000000000000004024906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64abe2eb519e9482021-12-22 12:45:58.944root 11241100x80000000000000004024907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f41f9ef978edf92021-12-22 12:45:58.944root 11241100x80000000000000004024908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4fafd72788b3d2021-12-22 12:45:58.944root 11241100x80000000000000004024909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042f4af644b95d82021-12-22 12:45:58.944root 11241100x80000000000000004024910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117cf3603a52f1c42021-12-22 12:45:58.944root 11241100x80000000000000004024911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adc0b723b12e0d42021-12-22 12:45:58.945root 11241100x80000000000000004024912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd60d58bcfcf0f12021-12-22 12:45:58.945root 11241100x80000000000000004024913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fa32ad380f83772021-12-22 12:45:58.945root 11241100x80000000000000004024914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239411c80639b14a2021-12-22 12:45:58.946root 11241100x80000000000000004024915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5433958c78cffc0a2021-12-22 12:45:58.946root 11241100x80000000000000004024916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b1489fd1d207c12021-12-22 12:45:58.946root 11241100x80000000000000004024917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ead005cdc3d93f2021-12-22 12:45:58.946root 11241100x80000000000000004024918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0445005e688b482d2021-12-22 12:45:58.946root 11241100x80000000000000004024919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07cdebc62b617782021-12-22 12:45:58.947root 11241100x80000000000000004024920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25910abb4bf894142021-12-22 12:45:58.947root 11241100x80000000000000004024921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb266ddffc30452021-12-22 12:45:58.947root 11241100x80000000000000004024922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e2dc9b89da04092021-12-22 12:45:58.948root 11241100x80000000000000004024923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb10fe0a822414a2021-12-22 12:45:58.948root 11241100x80000000000000004024924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348560c2d04d98022021-12-22 12:45:58.948root 11241100x80000000000000004024925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ff354e55b1c872021-12-22 12:45:58.948root 11241100x80000000000000004024926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a620fb667f5b3002021-12-22 12:45:59.443root 11241100x80000000000000004024927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6c4976657fa62e2021-12-22 12:45:59.443root 11241100x80000000000000004024928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7950b15fe9d26b792021-12-22 12:45:59.443root 11241100x80000000000000004024929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc55790c201a3362021-12-22 12:45:59.443root 11241100x80000000000000004024930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53bd80823b34e002021-12-22 12:45:59.443root 11241100x80000000000000004024931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4d7a002226ad82021-12-22 12:45:59.443root 11241100x80000000000000004024932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81877c7c8faca4592021-12-22 12:45:59.443root 11241100x80000000000000004024933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2b271a2a3685f2021-12-22 12:45:59.444root 11241100x80000000000000004024934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9786584d479f01942021-12-22 12:45:59.444root 11241100x80000000000000004024935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdceff71c7ccc9d32021-12-22 12:45:59.444root 11241100x80000000000000004024936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944cadd36ed12ef42021-12-22 12:45:59.444root 11241100x80000000000000004024937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dd18ef1cdde2602021-12-22 12:45:59.444root 11241100x80000000000000004024938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f774db31971717162021-12-22 12:45:59.444root 11241100x80000000000000004024939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfebc2fc038551882021-12-22 12:45:59.444root 11241100x80000000000000004024940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c09c933c5b0a7d2021-12-22 12:45:59.444root 11241100x80000000000000004024941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18eafc15a260c4a22021-12-22 12:45:59.444root 11241100x80000000000000004024942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36009271024bc3962021-12-22 12:45:59.445root 11241100x80000000000000004024943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae9abe141529f92021-12-22 12:45:59.445root 11241100x80000000000000004024944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc7b9a62740033f2021-12-22 12:45:59.445root 11241100x80000000000000004024945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f6059db10a7532021-12-22 12:45:59.445root 11241100x80000000000000004024946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee04389fb55e9c982021-12-22 12:45:59.445root 11241100x80000000000000004024947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5860f9139480782021-12-22 12:45:59.445root 11241100x80000000000000004024948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0f36a4692ed0ba2021-12-22 12:45:59.445root 11241100x80000000000000004024949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa7e6ba57e7e032021-12-22 12:45:59.445root 11241100x80000000000000004024950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e28d01f21f6382021-12-22 12:45:59.445root 11241100x80000000000000004024951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c431ef2d721412d12021-12-22 12:45:59.446root 11241100x80000000000000004024952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f05af6429bc6e72021-12-22 12:45:59.446root 11241100x80000000000000004024953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23034befd54c2022021-12-22 12:45:59.446root 11241100x80000000000000004024954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3771abb1871c9c502021-12-22 12:45:59.446root 11241100x80000000000000004024955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18080db4101372b82021-12-22 12:45:59.943root 11241100x80000000000000004024956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058a1d607690ad492021-12-22 12:45:59.943root 11241100x80000000000000004024957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f841a75efc42112021-12-22 12:45:59.944root 11241100x80000000000000004024958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0618b4b5c5e732021-12-22 12:45:59.944root 11241100x80000000000000004024959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb74603521fc5132021-12-22 12:45:59.944root 11241100x80000000000000004024960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2917a6d4f84ec22021-12-22 12:45:59.944root 11241100x80000000000000004024961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7223df65ac77c6732021-12-22 12:45:59.944root 11241100x80000000000000004024962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bebbc708abcc4fd2021-12-22 12:45:59.945root 11241100x80000000000000004024963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a4e22580b50b92021-12-22 12:45:59.945root 11241100x80000000000000004024964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0d489c96c846b62021-12-22 12:45:59.945root 11241100x80000000000000004024965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bce1f83fd778ea2021-12-22 12:45:59.945root 11241100x80000000000000004024966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765cd9489b8a26f22021-12-22 12:45:59.945root 11241100x80000000000000004024967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f50f6035bb47d42021-12-22 12:45:59.946root 11241100x80000000000000004024968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afaade8939af2c72021-12-22 12:45:59.946root 11241100x80000000000000004024969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbdedbc8c7456c72021-12-22 12:45:59.946root 11241100x80000000000000004024970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea47a1960feb6572021-12-22 12:45:59.946root 11241100x80000000000000004024971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82534f48a5978f7e2021-12-22 12:45:59.946root 11241100x80000000000000004024972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97d73419b2b500b2021-12-22 12:45:59.947root 11241100x80000000000000004024973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb2c350c52aff92021-12-22 12:45:59.947root 11241100x80000000000000004024974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd228c0a495229cc2021-12-22 12:45:59.947root 11241100x80000000000000004024975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb078028caf34ce2021-12-22 12:45:59.947root 11241100x80000000000000004024976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d958d7aebb6aa2021-12-22 12:45:59.947root 11241100x80000000000000004024977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a61a588e32a9bf2021-12-22 12:45:59.947root 11241100x80000000000000004024978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b169af1300f8265d2021-12-22 12:45:59.947root 11241100x80000000000000004024979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0e8aa2e91714e2021-12-22 12:45:59.947root 11241100x80000000000000004024980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55347f293f48102c2021-12-22 12:45:59.948root 11241100x80000000000000004024981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca16088b74f0d3c12021-12-22 12:45:59.948root 11241100x80000000000000004024982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d6aed6183c62582021-12-22 12:45:59.948root 11241100x80000000000000004024983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a993b4430128de2021-12-22 12:45:59.948root 11241100x80000000000000004024984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6944e75d7ecb722021-12-22 12:45:59.948root 11241100x80000000000000004024985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182095fce00efd542021-12-22 12:45:59.948root 11241100x80000000000000004024986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1e39d9a4ae7b7a2021-12-22 12:46:00.443root 11241100x80000000000000004024987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7575f736b8171dd02021-12-22 12:46:00.443root 11241100x80000000000000004024988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc155bf5eac17d72021-12-22 12:46:00.443root 11241100x80000000000000004024989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c9af866447854f2021-12-22 12:46:00.443root 11241100x80000000000000004024990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e23be352df05b32021-12-22 12:46:00.443root 11241100x80000000000000004024991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e527f69a8a01b0d2021-12-22 12:46:00.444root 11241100x80000000000000004024992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca9622fb29464d02021-12-22 12:46:00.444root 11241100x80000000000000004024993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e8e6b66c63788b2021-12-22 12:46:00.444root 11241100x80000000000000004024994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881213aa92020b62021-12-22 12:46:00.444root 11241100x80000000000000004024995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74acb2571f02a2a22021-12-22 12:46:00.444root 11241100x80000000000000004024996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c369e79c22bc98482021-12-22 12:46:00.444root 11241100x80000000000000004024997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af81ce44d78f696f2021-12-22 12:46:00.445root 11241100x80000000000000004024998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611c8a41c054b9f42021-12-22 12:46:00.445root 11241100x80000000000000004024999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52ff8a71c0e2dd92021-12-22 12:46:00.445root 11241100x80000000000000004025000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2a163b3b284e902021-12-22 12:46:00.445root 11241100x80000000000000004025001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d8dcf8e435cca82021-12-22 12:46:00.445root 11241100x80000000000000004025002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05362cb85ccafd2021-12-22 12:46:00.446root 11241100x80000000000000004025003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0397348bd778212021-12-22 12:46:00.446root 11241100x80000000000000004025004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0b13c1dfa688752021-12-22 12:46:00.446root 11241100x80000000000000004025005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e841af60422b822021-12-22 12:46:00.447root 11241100x80000000000000004025006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3430fbd969eea42021-12-22 12:46:00.447root 11241100x80000000000000004025007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0e34105873e64c2021-12-22 12:46:00.448root 11241100x80000000000000004025008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46c48f948bc5dd92021-12-22 12:46:00.448root 11241100x80000000000000004025009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda8b479dd7049b22021-12-22 12:46:00.448root 11241100x80000000000000004025010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf92fbefd2917f2021-12-22 12:46:00.449root 11241100x80000000000000004025011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dfaa018075701e2021-12-22 12:46:00.449root 11241100x80000000000000004025012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549af9dc6d40f7712021-12-22 12:46:00.450root 11241100x80000000000000004025013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a47c307780bfa2021-12-22 12:46:00.450root 11241100x80000000000000004025014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7241ff6505bf882021-12-22 12:46:00.450root 11241100x80000000000000004025015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1a7a85aef1caf22021-12-22 12:46:00.451root 11241100x80000000000000004025016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9eab1a9dc9448e2021-12-22 12:46:00.451root 11241100x80000000000000004025017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ab5f5dd9011a02021-12-22 12:46:00.452root 11241100x80000000000000004025018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f4b3abe2265e222021-12-22 12:46:00.452root 11241100x80000000000000004025019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315757af7cd212602021-12-22 12:46:00.943root 11241100x80000000000000004025020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086bf3faa1ca78852021-12-22 12:46:00.943root 11241100x80000000000000004025021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321eca1f33ecef392021-12-22 12:46:00.943root 11241100x80000000000000004025022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb66bd9b2d514d312021-12-22 12:46:00.943root 11241100x80000000000000004025023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d7ce9763e4d3812021-12-22 12:46:00.944root 11241100x80000000000000004025024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab11a02d645cb712021-12-22 12:46:00.944root 11241100x80000000000000004025025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c84f33b82663afa2021-12-22 12:46:00.944root 11241100x80000000000000004025026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dfc27bb3ead5952021-12-22 12:46:00.944root 11241100x80000000000000004025027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07710ef319864d372021-12-22 12:46:00.944root 11241100x80000000000000004025028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793d489f3d3b4f0b2021-12-22 12:46:00.945root 11241100x80000000000000004025029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ef08985f2a9f52021-12-22 12:46:00.945root 11241100x80000000000000004025030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c817004ab52b96d2021-12-22 12:46:00.945root 11241100x80000000000000004025031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05443aebb881eeb72021-12-22 12:46:00.946root 11241100x80000000000000004025032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422fa08c2c5e93772021-12-22 12:46:00.946root 11241100x80000000000000004025033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f60eaf50e16bb2021-12-22 12:46:00.946root 11241100x80000000000000004025034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15aa08c527aac902021-12-22 12:46:00.946root 11241100x80000000000000004025035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c2060ac3848ec22021-12-22 12:46:00.947root 11241100x80000000000000004025036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a207716c95ea26432021-12-22 12:46:00.947root 11241100x80000000000000004025037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482f14f17c69d9c12021-12-22 12:46:00.947root 11241100x80000000000000004025038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed2a81ca4dd75d22021-12-22 12:46:00.947root 11241100x80000000000000004025039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1252dfb03517e1882021-12-22 12:46:00.947root 11241100x80000000000000004025040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30955ef1d2e0b4b62021-12-22 12:46:00.947root 11241100x80000000000000004025041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640b8cafa646f0482021-12-22 12:46:00.948root 11241100x80000000000000004025042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120c2c416ffab0b22021-12-22 12:46:00.948root 11241100x80000000000000004025043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353391163e5d34b42021-12-22 12:46:00.948root 11241100x80000000000000004025044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e22902824c8f982021-12-22 12:46:00.948root 11241100x80000000000000004025045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8664c9cbe48b2c2021-12-22 12:46:00.948root 11241100x80000000000000004025046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0d735d42d00512021-12-22 12:46:00.948root 11241100x80000000000000004025047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febf9401a5d42f62021-12-22 12:46:00.948root 11241100x80000000000000004025048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba30640e4664fba2021-12-22 12:46:00.948root 11241100x80000000000000004025049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20160d00820793182021-12-22 12:46:00.949root 354300x80000000000000004025050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.039{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56876-false10.0.1.12-8000- 11241100x80000000000000004025051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868868453111a6362021-12-22 12:46:01.443root 11241100x80000000000000004025052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795dbc05d23b4e112021-12-22 12:46:01.443root 11241100x80000000000000004025053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe717aa2d27cfad2021-12-22 12:46:01.443root 11241100x80000000000000004025054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081cddd67c8d8e092021-12-22 12:46:01.444root 11241100x80000000000000004025055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7fb145c417dfc72021-12-22 12:46:01.444root 11241100x80000000000000004025056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2565957f56e3f0c32021-12-22 12:46:01.444root 11241100x80000000000000004025057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208741463889b20f2021-12-22 12:46:01.444root 11241100x80000000000000004025058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a788a1de63ce280d2021-12-22 12:46:01.444root 11241100x80000000000000004025059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d6f13754f46392021-12-22 12:46:01.444root 11241100x80000000000000004025060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136ed6e1c77869d12021-12-22 12:46:01.444root 11241100x80000000000000004025061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268c27eb395c32352021-12-22 12:46:01.445root 11241100x80000000000000004025062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb9e5883b6ed8eb2021-12-22 12:46:01.445root 11241100x80000000000000004025063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f99cf435608fc2021-12-22 12:46:01.445root 11241100x80000000000000004025064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56048458fabaf53a2021-12-22 12:46:01.445root 11241100x80000000000000004025065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeba7919d151afd2021-12-22 12:46:01.445root 11241100x80000000000000004025066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b017f43b4ac1642021-12-22 12:46:01.445root 11241100x80000000000000004025067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69933696bf716b52021-12-22 12:46:01.445root 11241100x80000000000000004025068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195cf4f3fc7f11682021-12-22 12:46:01.446root 11241100x80000000000000004025069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf76314f1b989f242021-12-22 12:46:01.447root 11241100x80000000000000004025070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63661bf7a2874f2021-12-22 12:46:01.447root 11241100x80000000000000004025071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f5143f2dc3d2062021-12-22 12:46:01.447root 11241100x80000000000000004025072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19db5b96b03067d2021-12-22 12:46:01.448root 11241100x80000000000000004025073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7620a3b28f23c8f92021-12-22 12:46:01.449root 11241100x80000000000000004025074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2b2624b66d40762021-12-22 12:46:01.449root 11241100x80000000000000004025075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc31d3cab2f21cc2021-12-22 12:46:01.449root 11241100x80000000000000004025076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853801479fe53e732021-12-22 12:46:01.449root 11241100x80000000000000004025077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7364c4cd9a2de42021-12-22 12:46:01.449root 11241100x80000000000000004025078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f76e515d5b8e82021-12-22 12:46:01.449root 11241100x80000000000000004025079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1a9331050be7172021-12-22 12:46:01.450root 11241100x80000000000000004025080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c580dc4cd9429e892021-12-22 12:46:01.943root 11241100x80000000000000004025081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c7f6415d0ad5372021-12-22 12:46:01.943root 11241100x80000000000000004025082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652fd62f402d3d2c2021-12-22 12:46:01.943root 11241100x80000000000000004025083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e34cffca3506c1b2021-12-22 12:46:01.944root 11241100x80000000000000004025084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563570898dbf27402021-12-22 12:46:01.944root 11241100x80000000000000004025085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d7aebfc526a2152021-12-22 12:46:01.944root 11241100x80000000000000004025086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5126ecfb11b2b32021-12-22 12:46:01.944root 11241100x80000000000000004025087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da1c69a3fb261712021-12-22 12:46:01.944root 11241100x80000000000000004025088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4164fc22ae65f22c2021-12-22 12:46:01.944root 11241100x80000000000000004025089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c77c0f1c31ba912021-12-22 12:46:01.944root 11241100x80000000000000004025090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e2229193d341b42021-12-22 12:46:01.944root 11241100x80000000000000004025091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94abf6a9fa7fa4bc2021-12-22 12:46:01.944root 11241100x80000000000000004025092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ea1c297eed1992021-12-22 12:46:01.945root 11241100x80000000000000004025093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c355b1a851de6f5f2021-12-22 12:46:01.945root 11241100x80000000000000004025094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95ca443fe6110632021-12-22 12:46:01.945root 11241100x80000000000000004025095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83feb031a232efae2021-12-22 12:46:01.945root 11241100x80000000000000004025096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e73c176e3311b22021-12-22 12:46:01.946root 11241100x80000000000000004025097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2612da28363f5802021-12-22 12:46:01.946root 11241100x80000000000000004025098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c6f1c61d05c64d2021-12-22 12:46:01.946root 11241100x80000000000000004025099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800201a379855e92021-12-22 12:46:01.946root 11241100x80000000000000004025100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90338da3051f562021-12-22 12:46:01.946root 11241100x80000000000000004025101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04f19fdefedf75d2021-12-22 12:46:01.946root 11241100x80000000000000004025102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c6c36f54c9fe5a2021-12-22 12:46:01.947root 11241100x80000000000000004025103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46729ed12f7cdd4c2021-12-22 12:46:01.947root 11241100x80000000000000004025104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8af77c597d6fed2021-12-22 12:46:01.947root 11241100x80000000000000004025105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4f0966976dcf132021-12-22 12:46:01.947root 11241100x80000000000000004025106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00491998714ff262021-12-22 12:46:01.947root 11241100x80000000000000004025107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00d54598933ccf82021-12-22 12:46:01.947root 11241100x80000000000000004025108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3d9bf5ce4c0142021-12-22 12:46:01.947root 11241100x80000000000000004025109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c507b0ea0c973ff22021-12-22 12:46:02.443root 11241100x80000000000000004025110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0bb6ae48557d4a2021-12-22 12:46:02.443root 11241100x80000000000000004025111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a0cf16bf64c6fa2021-12-22 12:46:02.443root 11241100x80000000000000004025112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a29bd1647fb5a962021-12-22 12:46:02.444root 11241100x80000000000000004025113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf599352843278872021-12-22 12:46:02.444root 11241100x80000000000000004025114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c3ff91b5e0f812021-12-22 12:46:02.444root 11241100x80000000000000004025115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e439bb9d120222021-12-22 12:46:02.444root 11241100x80000000000000004025116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aa8e3187960c922021-12-22 12:46:02.444root 11241100x80000000000000004025117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ecba7990965cc2021-12-22 12:46:02.444root 11241100x80000000000000004025118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5437a712413118dc2021-12-22 12:46:02.445root 11241100x80000000000000004025119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4360a285e692e4f72021-12-22 12:46:02.445root 11241100x80000000000000004025120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178738188e54aded2021-12-22 12:46:02.445root 11241100x80000000000000004025121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7812fccd474a93a62021-12-22 12:46:02.445root 11241100x80000000000000004025122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e65ca56dda1c1862021-12-22 12:46:02.445root 11241100x80000000000000004025123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f817dc01863b082021-12-22 12:46:02.445root 11241100x80000000000000004025124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150c92e15fa8fcf12021-12-22 12:46:02.445root 11241100x80000000000000004025125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b82bbbfd510b7662021-12-22 12:46:02.446root 11241100x80000000000000004025126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bcb88ff7c9ed52021-12-22 12:46:02.446root 11241100x80000000000000004025127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aff7dfb56b5c8b2021-12-22 12:46:02.446root 11241100x80000000000000004025128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab1cfab7410c1c62021-12-22 12:46:02.446root 11241100x80000000000000004025129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d2bf40db6915f62021-12-22 12:46:02.446root 11241100x80000000000000004025130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2a87afdf1b9e12021-12-22 12:46:02.446root 11241100x80000000000000004025131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687ab492c23821fe2021-12-22 12:46:02.447root 11241100x80000000000000004025132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eae2e1f808a7e82021-12-22 12:46:02.447root 11241100x80000000000000004025133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdc7a6818b603482021-12-22 12:46:02.447root 11241100x80000000000000004025134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec23e1017e92d402021-12-22 12:46:02.447root 11241100x80000000000000004025135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027d807e3ab59e4b2021-12-22 12:46:02.447root 11241100x80000000000000004025136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8375f463670826fc2021-12-22 12:46:02.448root 11241100x80000000000000004025137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64671d68a10aef712021-12-22 12:46:02.448root 11241100x80000000000000004025138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dcd8bf476a2d582021-12-22 12:46:02.943root 11241100x80000000000000004025139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f337c061341b5382021-12-22 12:46:02.943root 11241100x80000000000000004025140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6178f58767b798562021-12-22 12:46:02.944root 11241100x80000000000000004025141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7fec7a987bfcc2021-12-22 12:46:02.944root 11241100x80000000000000004025142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7fb634436653462021-12-22 12:46:02.944root 11241100x80000000000000004025143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb954419fccbf1492021-12-22 12:46:02.944root 11241100x80000000000000004025144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ef6c019a67da92021-12-22 12:46:02.945root 11241100x80000000000000004025145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e97f54f7b6da35b2021-12-22 12:46:02.945root 11241100x80000000000000004025146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b7d984d501af682021-12-22 12:46:02.945root 11241100x80000000000000004025147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3833ae8b9ad5982021-12-22 12:46:02.945root 11241100x80000000000000004025148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4feea745647275e2021-12-22 12:46:02.945root 11241100x80000000000000004025149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8929a87a2e50a8ba2021-12-22 12:46:02.946root 11241100x80000000000000004025150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dfb0238868d0a02021-12-22 12:46:02.946root 11241100x80000000000000004025151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1d6799521cedbb2021-12-22 12:46:02.946root 11241100x80000000000000004025152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8fc143093326de2021-12-22 12:46:02.946root 11241100x80000000000000004025153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8828ca35cfa65132021-12-22 12:46:02.947root 11241100x80000000000000004025154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd98e1c6c42143e2021-12-22 12:46:02.947root 11241100x80000000000000004025155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbdefab801d9e322021-12-22 12:46:02.947root 11241100x80000000000000004025156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe6c026ee9ff3d42021-12-22 12:46:02.947root 11241100x80000000000000004025157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8153996f2e2526002021-12-22 12:46:02.947root 11241100x80000000000000004025158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5661694ad8e9dd2021-12-22 12:46:02.948root 11241100x80000000000000004025159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6d5b0b9c65b422021-12-22 12:46:02.948root 11241100x80000000000000004025160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4860164e0ec60da2021-12-22 12:46:02.948root 11241100x80000000000000004025161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aded5de755cf972021-12-22 12:46:02.948root 11241100x80000000000000004025162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff915a9997ff4b8c2021-12-22 12:46:02.948root 11241100x80000000000000004025163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405c25f7613a3f4c2021-12-22 12:46:02.948root 11241100x80000000000000004025164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ff3aba282a38132021-12-22 12:46:02.948root 11241100x80000000000000004025165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516e566ad2521a542021-12-22 12:46:02.948root 11241100x80000000000000004025166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86af3d407ff0a482021-12-22 12:46:02.949root 11241100x80000000000000004025167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:46:03.125root 11241100x80000000000000004025168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc26bbb40157c842021-12-22 12:46:03.443root 11241100x80000000000000004025169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225684d7936592c42021-12-22 12:46:03.443root 11241100x80000000000000004025170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1611a3a6dd116002021-12-22 12:46:03.443root 11241100x80000000000000004025171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bb9a22cab13f992021-12-22 12:46:03.443root 11241100x80000000000000004025172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd33459d15e8c4022021-12-22 12:46:03.443root 11241100x80000000000000004025173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03a8c781f8848c62021-12-22 12:46:03.443root 11241100x80000000000000004025174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a1f44ea3002e202021-12-22 12:46:03.444root 11241100x80000000000000004025175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ecc58f12f1c26d2021-12-22 12:46:03.444root 11241100x80000000000000004025176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f929be413369b2021-12-22 12:46:03.444root 11241100x80000000000000004025177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67381b89fed91822021-12-22 12:46:03.444root 11241100x80000000000000004025178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e874104863b662021-12-22 12:46:03.444root 11241100x80000000000000004025179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2769420eb09aba92021-12-22 12:46:03.444root 11241100x80000000000000004025180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a326362932127662021-12-22 12:46:03.444root 11241100x80000000000000004025181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32b90e19a3f15ab2021-12-22 12:46:03.445root 11241100x80000000000000004025182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21d65cf654e50112021-12-22 12:46:03.445root 11241100x80000000000000004025183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462a9c6f34d7ee712021-12-22 12:46:03.445root 11241100x80000000000000004025184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd34dcd977aa190f2021-12-22 12:46:03.445root 11241100x80000000000000004025185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed54ad7e06f47eb2021-12-22 12:46:03.445root 11241100x80000000000000004025186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad92761bc2f6b5aa2021-12-22 12:46:03.445root 11241100x80000000000000004025187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d254b2f89b9de02021-12-22 12:46:03.445root 11241100x80000000000000004025188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cba00cbd3ecbcb2021-12-22 12:46:03.446root 11241100x80000000000000004025189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e99898d5ab14502021-12-22 12:46:03.446root 11241100x80000000000000004025190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58096c89bf3468702021-12-22 12:46:03.446root 11241100x80000000000000004025191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9db077b1bc04fac2021-12-22 12:46:03.446root 11241100x80000000000000004025192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f309e9f83d293cdc2021-12-22 12:46:03.446root 11241100x80000000000000004025193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e00d81f90df5512021-12-22 12:46:03.447root 11241100x80000000000000004025194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8ac29b78b79352021-12-22 12:46:03.447root 11241100x80000000000000004025195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b964d71ed80c37fb2021-12-22 12:46:03.447root 11241100x80000000000000004025196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bee70cd78a2a2602021-12-22 12:46:03.447root 11241100x80000000000000004025197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5896648122eb4172021-12-22 12:46:03.447root 11241100x80000000000000004025198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98405de69b158b562021-12-22 12:46:03.447root 11241100x80000000000000004025199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7155db676297342021-12-22 12:46:03.448root 11241100x80000000000000004025200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3e66ba6840ffb2021-12-22 12:46:03.448root 11241100x80000000000000004025201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b9e046c6400f202021-12-22 12:46:03.448root 11241100x80000000000000004025202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae94584a9f6535402021-12-22 12:46:03.448root 11241100x80000000000000004025203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea94a27b10998c22021-12-22 12:46:03.448root 11241100x80000000000000004025204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e895451d5f5580a52021-12-22 12:46:03.943root 11241100x80000000000000004025205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfc219cb06c083c2021-12-22 12:46:03.943root 11241100x80000000000000004025206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb079a4ae5823fa2021-12-22 12:46:03.943root 11241100x80000000000000004025207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19dd8411694627b2021-12-22 12:46:03.943root 11241100x80000000000000004025208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd14c3821f0cbf42021-12-22 12:46:03.943root 11241100x80000000000000004025209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea718b238b8d143f2021-12-22 12:46:03.943root 11241100x80000000000000004025210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a1fa452a69a46e2021-12-22 12:46:03.944root 11241100x80000000000000004025211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945d6d86366663cc2021-12-22 12:46:03.944root 11241100x80000000000000004025212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0927d7c3356590e42021-12-22 12:46:03.944root 11241100x80000000000000004025213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185b32df27ed10032021-12-22 12:46:03.944root 11241100x80000000000000004025214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af40ce0f6e792d92021-12-22 12:46:03.944root 11241100x80000000000000004025215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf8cec6194f85142021-12-22 12:46:03.944root 11241100x80000000000000004025216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0384ec45dc0a3732021-12-22 12:46:03.944root 11241100x80000000000000004025217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324652cebf4bb3a2021-12-22 12:46:03.945root 11241100x80000000000000004025218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ae24d6f330f2212021-12-22 12:46:03.945root 11241100x80000000000000004025219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd4f4f6190e8f062021-12-22 12:46:03.945root 11241100x80000000000000004025220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186b3d4d499d9ea2021-12-22 12:46:03.945root 11241100x80000000000000004025221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284681e9942cc7952021-12-22 12:46:03.945root 11241100x80000000000000004025222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c418efb6d9746d052021-12-22 12:46:03.945root 11241100x80000000000000004025223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb75e1b749b35c2021-12-22 12:46:03.945root 11241100x80000000000000004025224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c089df95ec8eeeb02021-12-22 12:46:03.945root 11241100x80000000000000004025225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31520f47837c5a232021-12-22 12:46:03.945root 11241100x80000000000000004025226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27732219ccb4af372021-12-22 12:46:03.946root 11241100x80000000000000004025227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bb457875041f652021-12-22 12:46:03.946root 11241100x80000000000000004025228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a9e89d2527d2112021-12-22 12:46:03.946root 11241100x80000000000000004025229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a162c3e550264a2021-12-22 12:46:03.946root 11241100x80000000000000004025230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae031504dabf0e6e2021-12-22 12:46:03.946root 11241100x80000000000000004025231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512d780083c02d842021-12-22 12:46:03.947root 11241100x80000000000000004025232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12ce3b6ec66e1a82021-12-22 12:46:03.947root 11241100x80000000000000004025233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e36f06f01a811cb2021-12-22 12:46:03.947root 11241100x80000000000000004025234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15323b9e356cbb7f2021-12-22 12:46:03.947root 11241100x80000000000000004025235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4d502f0e52c1852021-12-22 12:46:03.947root 11241100x80000000000000004025236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737eed5ebfcc2ea82021-12-22 12:46:03.947root 11241100x80000000000000004025237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf790b1b792898142021-12-22 12:46:03.948root 11241100x80000000000000004025238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0af5b187d0ece2021-12-22 12:46:03.948root 11241100x80000000000000004025239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f722a5454931bc62021-12-22 12:46:03.948root 11241100x80000000000000004025240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aca121ae4618592021-12-22 12:46:03.948root 11241100x80000000000000004025241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8881338e0585b4c52021-12-22 12:46:04.443root 11241100x80000000000000004025242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d526d8dc97357f8e2021-12-22 12:46:04.443root 11241100x80000000000000004025243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82313d62ef29d8f22021-12-22 12:46:04.443root 11241100x80000000000000004025244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb7212395f342822021-12-22 12:46:04.443root 11241100x80000000000000004025245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0222ef1f9c8936512021-12-22 12:46:04.444root 11241100x80000000000000004025246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630f016cc6380e932021-12-22 12:46:04.444root 11241100x80000000000000004025247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cead1254ab14772021-12-22 12:46:04.444root 11241100x80000000000000004025248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d30a47e1d15e032021-12-22 12:46:04.444root 11241100x80000000000000004025249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23bd349dd07f5a42021-12-22 12:46:04.444root 11241100x80000000000000004025250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7640125e902fd3952021-12-22 12:46:04.444root 11241100x80000000000000004025251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc208b8529995cf2021-12-22 12:46:04.444root 11241100x80000000000000004025252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2638bad4e23ffe5d2021-12-22 12:46:04.444root 11241100x80000000000000004025253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7915215651314f592021-12-22 12:46:04.445root 11241100x80000000000000004025254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77595834b10e44a42021-12-22 12:46:04.445root 11241100x80000000000000004025255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235c47bb43924d1d2021-12-22 12:46:04.445root 11241100x80000000000000004025256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e886a9b83192ff892021-12-22 12:46:04.446root 11241100x80000000000000004025257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eeb1ba67d987412021-12-22 12:46:04.446root 11241100x80000000000000004025258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb829ba19581bc432021-12-22 12:46:04.446root 11241100x80000000000000004025259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736672c21e0995372021-12-22 12:46:04.447root 11241100x80000000000000004025260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48663ca2ff31f4af2021-12-22 12:46:04.447root 11241100x80000000000000004025261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398629ef53005b6c2021-12-22 12:46:04.447root 11241100x80000000000000004025262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497aae8493f9ebb72021-12-22 12:46:04.448root 11241100x80000000000000004025263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d26b4343d05ed2021-12-22 12:46:04.448root 11241100x80000000000000004025264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a399b57b09340c232021-12-22 12:46:04.448root 11241100x80000000000000004025265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeafed13d4b716a2021-12-22 12:46:04.448root 11241100x80000000000000004025266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5c155977009fec2021-12-22 12:46:04.449root 11241100x80000000000000004025267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7c34b640590e312021-12-22 12:46:04.449root 11241100x80000000000000004025268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72887063aef7cf8e2021-12-22 12:46:04.449root 11241100x80000000000000004025269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d10194cd9b7cea2021-12-22 12:46:04.450root 11241100x80000000000000004025270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555aa06d67a5e932021-12-22 12:46:04.450root 11241100x80000000000000004025271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ad00f2aa58c8102021-12-22 12:46:04.943root 11241100x80000000000000004025272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f348d1223a591342021-12-22 12:46:04.943root 11241100x80000000000000004025273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c5a95a94d3b8272021-12-22 12:46:04.944root 11241100x80000000000000004025274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3623f1d6455683ec2021-12-22 12:46:04.944root 11241100x80000000000000004025275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470dbe0a2d4d924b2021-12-22 12:46:04.944root 11241100x80000000000000004025276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d9c27ae5605582021-12-22 12:46:04.945root 11241100x80000000000000004025277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1a54fdf620b7c42021-12-22 12:46:04.945root 11241100x80000000000000004025278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7adf28e0639be832021-12-22 12:46:04.945root 11241100x80000000000000004025279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf0f29b0971a8da2021-12-22 12:46:04.945root 11241100x80000000000000004025280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6713f743bb0575ff2021-12-22 12:46:04.946root 11241100x80000000000000004025281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28daa66a2f0e3f0a2021-12-22 12:46:04.946root 11241100x80000000000000004025282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6012e7782c0050922021-12-22 12:46:04.946root 11241100x80000000000000004025283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c153a9782f7514b2021-12-22 12:46:04.947root 11241100x80000000000000004025284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d864bc7a8838d6f2021-12-22 12:46:04.947root 11241100x80000000000000004025285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dfc0151df374e32021-12-22 12:46:04.948root 11241100x80000000000000004025286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e582057b2b693b332021-12-22 12:46:04.948root 11241100x80000000000000004025287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e174554314e94dd2021-12-22 12:46:04.948root 11241100x80000000000000004025288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f62bbac4af7092021-12-22 12:46:04.948root 11241100x80000000000000004025289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494655ab580acaf82021-12-22 12:46:04.948root 11241100x80000000000000004025290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aedc0e079cc816d2021-12-22 12:46:04.948root 11241100x80000000000000004025291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d6a1589a28bdff2021-12-22 12:46:04.949root 11241100x80000000000000004025292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cd1443f235bb82021-12-22 12:46:04.949root 11241100x80000000000000004025293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274e42cffe0e258c2021-12-22 12:46:04.949root 11241100x80000000000000004025294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c035eff6c1ec5572021-12-22 12:46:04.949root 11241100x80000000000000004025295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e713d32adb636e2021-12-22 12:46:04.949root 11241100x80000000000000004025296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a32a557e4a0346c2021-12-22 12:46:04.950root 11241100x80000000000000004025297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bec67c554631522021-12-22 12:46:04.950root 11241100x80000000000000004025298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece3a8aeaf8478992021-12-22 12:46:04.950root 11241100x80000000000000004025299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aad21395ec53db02021-12-22 12:46:04.951root 11241100x80000000000000004025300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6bd15560cf56952021-12-22 12:46:04.952root 11241100x80000000000000004025301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:04.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732d82a9d3e70032021-12-22 12:46:04.953root 11241100x80000000000000004025302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64086c098939d5912021-12-22 12:46:05.443root 11241100x80000000000000004025303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c7da8bf18b3d592021-12-22 12:46:05.443root 11241100x80000000000000004025304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7987ceea90fa3b42021-12-22 12:46:05.443root 11241100x80000000000000004025305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be41829a7f92fb8b2021-12-22 12:46:05.443root 11241100x80000000000000004025306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d234ade3b8b35e072021-12-22 12:46:05.443root 11241100x80000000000000004025307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadbe27a89d6fa952021-12-22 12:46:05.443root 11241100x80000000000000004025308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5bfe5779820e752021-12-22 12:46:05.444root 11241100x80000000000000004025309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5c3593f2961baa2021-12-22 12:46:05.444root 11241100x80000000000000004025310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62b41f5367e6d772021-12-22 12:46:05.444root 11241100x80000000000000004025311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea10494a7c5bafa2021-12-22 12:46:05.444root 11241100x80000000000000004025312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48921db998247f322021-12-22 12:46:05.444root 11241100x80000000000000004025313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956f6bc8149f72352021-12-22 12:46:05.445root 11241100x80000000000000004025314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c86087fccc34d832021-12-22 12:46:05.445root 11241100x80000000000000004025315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4636d6b2ca0c51de2021-12-22 12:46:05.445root 11241100x80000000000000004025316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e8c69e23a43912021-12-22 12:46:05.445root 11241100x80000000000000004025317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a147d01cf6d063e12021-12-22 12:46:05.445root 11241100x80000000000000004025318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d65f906d181fd182021-12-22 12:46:05.445root 11241100x80000000000000004025319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe302f54f7649e2c2021-12-22 12:46:05.445root 11241100x80000000000000004025320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91612ae12ef966a2021-12-22 12:46:05.445root 11241100x80000000000000004025321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d4fb7e24c4d3d2021-12-22 12:46:05.446root 11241100x80000000000000004025322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6909b0ef8d671f2021-12-22 12:46:05.446root 11241100x80000000000000004025323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76227f50bad5d9872021-12-22 12:46:05.446root 11241100x80000000000000004025324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3728c3f17ff6b4e2021-12-22 12:46:05.446root 11241100x80000000000000004025325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273dcec159639772021-12-22 12:46:05.446root 11241100x80000000000000004025326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88629e384bbe0ec2021-12-22 12:46:05.446root 11241100x80000000000000004025327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b496830fd5a60252021-12-22 12:46:05.447root 11241100x80000000000000004025328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cdcd4bfad806722021-12-22 12:46:05.447root 11241100x80000000000000004025329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99137fb95cdc152021-12-22 12:46:05.447root 11241100x80000000000000004025330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fecab36f728fe02021-12-22 12:46:05.447root 11241100x80000000000000004025331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0121bc55b0f29eab2021-12-22 12:46:05.447root 11241100x80000000000000004025332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b946f02b4030c682021-12-22 12:46:05.447root 11241100x80000000000000004025333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5260f12b64b700552021-12-22 12:46:05.447root 11241100x80000000000000004025334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da7f848a380529d2021-12-22 12:46:05.448root 11241100x80000000000000004025335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5408ec42c2fcdd2021-12-22 12:46:05.448root 11241100x80000000000000004025336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a266c6d8430c8f92021-12-22 12:46:05.448root 11241100x80000000000000004025337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf5ba18134fd512021-12-22 12:46:05.448root 11241100x80000000000000004025338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664965d3c6bb67bc2021-12-22 12:46:05.943root 11241100x80000000000000004025339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b9cc83fe5e19432021-12-22 12:46:05.943root 11241100x80000000000000004025340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939c1c77843453dc2021-12-22 12:46:05.944root 11241100x80000000000000004025341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f83378c522383b2021-12-22 12:46:05.944root 11241100x80000000000000004025342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff89fe64574cb8282021-12-22 12:46:05.944root 11241100x80000000000000004025343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5a254740222a392021-12-22 12:46:05.945root 11241100x80000000000000004025344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846d316a7efa2a92021-12-22 12:46:05.945root 11241100x80000000000000004025345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab58ab7318c7b2fb2021-12-22 12:46:05.945root 11241100x80000000000000004025346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e659e71b6af003f12021-12-22 12:46:05.945root 11241100x80000000000000004025347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c846bcaf46fb4a942021-12-22 12:46:05.946root 11241100x80000000000000004025348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676622379a8552c92021-12-22 12:46:05.946root 11241100x80000000000000004025349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2994a31c6ac7112021-12-22 12:46:05.946root 11241100x80000000000000004025350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d36e85647266f2021-12-22 12:46:05.946root 11241100x80000000000000004025351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22b35f554e446072021-12-22 12:46:05.947root 11241100x80000000000000004025352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ca66744c2d0c02021-12-22 12:46:05.947root 11241100x80000000000000004025353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed95095b0390832021-12-22 12:46:05.947root 11241100x80000000000000004025354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e67649341ae144d2021-12-22 12:46:05.947root 11241100x80000000000000004025355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ea66471148210e2021-12-22 12:46:05.947root 11241100x80000000000000004025356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554f1375f2b043b2021-12-22 12:46:05.948root 11241100x80000000000000004025357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f1e7ff9f98437c2021-12-22 12:46:05.948root 11241100x80000000000000004025358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e222d1de3db9f6112021-12-22 12:46:05.948root 11241100x80000000000000004025359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977debf3fc1fc7c22021-12-22 12:46:05.948root 11241100x80000000000000004025360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edc9e9639c685d12021-12-22 12:46:05.948root 11241100x80000000000000004025361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a0a1834a213de82021-12-22 12:46:05.949root 11241100x80000000000000004025362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a5c4b845506c6b2021-12-22 12:46:05.949root 11241100x80000000000000004025363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86454a3715a27e4e2021-12-22 12:46:05.949root 11241100x80000000000000004025364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fa86998117528a2021-12-22 12:46:05.949root 11241100x80000000000000004025365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff53414fda1f7a4c2021-12-22 12:46:05.949root 11241100x80000000000000004025366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b0371e600f267d2021-12-22 12:46:05.950root 11241100x80000000000000004025367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31210c0eb55d6ade2021-12-22 12:46:05.950root 11241100x80000000000000004025368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac68c466e6debab2021-12-22 12:46:05.950root 11241100x80000000000000004025369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9b06f2bc78e152021-12-22 12:46:05.950root 11241100x80000000000000004025370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637c8850f876ae1d2021-12-22 12:46:05.950root 11241100x80000000000000004025371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6f6327cf3d14572021-12-22 12:46:05.951root 11241100x80000000000000004025372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e60150c4a26b792021-12-22 12:46:05.951root 23542300x80000000000000004025373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.127{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000004025374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.150{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56878-false10.0.1.12-8000- 11241100x80000000000000004025375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c58fd70ae73892021-12-22 12:46:06.443root 11241100x80000000000000004025376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df91a3ce9ea13e2021-12-22 12:46:06.443root 11241100x80000000000000004025377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bcb22a675100522021-12-22 12:46:06.443root 11241100x80000000000000004025378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575ecdd86b01610f2021-12-22 12:46:06.443root 11241100x80000000000000004025379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097676dface2a17e2021-12-22 12:46:06.444root 11241100x80000000000000004025380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84db9fcdb08f256e2021-12-22 12:46:06.444root 11241100x80000000000000004025381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abdf139805768662021-12-22 12:46:06.444root 11241100x80000000000000004025382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0e7ba223cca7712021-12-22 12:46:06.444root 11241100x80000000000000004025383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e1fa17f84058262021-12-22 12:46:06.444root 11241100x80000000000000004025384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e68918f238e7d562021-12-22 12:46:06.444root 11241100x80000000000000004025385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1530615f30fa372021-12-22 12:46:06.445root 11241100x80000000000000004025386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c81f06b7f7b4cb2021-12-22 12:46:06.445root 11241100x80000000000000004025387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca451444237675d42021-12-22 12:46:06.445root 11241100x80000000000000004025388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f81022c057f68ae2021-12-22 12:46:06.445root 11241100x80000000000000004025389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c260852c1fd17d2021-12-22 12:46:06.445root 11241100x80000000000000004025390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bfc512abb3c4022021-12-22 12:46:06.445root 11241100x80000000000000004025391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57cdf788f90fa172021-12-22 12:46:06.445root 11241100x80000000000000004025392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355f448d896f12152021-12-22 12:46:06.447root 11241100x80000000000000004025393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c00cd5d45fa20f62021-12-22 12:46:06.447root 11241100x80000000000000004025394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d40774baa5d39b42021-12-22 12:46:06.447root 11241100x80000000000000004025395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bc92926a2603402021-12-22 12:46:06.447root 11241100x80000000000000004025396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63372a1d4186b22021-12-22 12:46:06.447root 11241100x80000000000000004025397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc334288c7c8af72021-12-22 12:46:06.448root 11241100x80000000000000004025398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b296de45ffd46f02021-12-22 12:46:06.448root 11241100x80000000000000004025399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e7985140dc7ba2021-12-22 12:46:06.448root 11241100x80000000000000004025400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f845c7a4e498f43d2021-12-22 12:46:06.449root 11241100x80000000000000004025401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f7c5292f1c23002021-12-22 12:46:06.449root 11241100x80000000000000004025402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f544a2abd07932021-12-22 12:46:06.449root 11241100x80000000000000004025403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07504577400d27a12021-12-22 12:46:06.449root 11241100x80000000000000004025404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249429f534ea3df52021-12-22 12:46:06.449root 11241100x80000000000000004025405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bdca4e243f742b2021-12-22 12:46:06.449root 11241100x80000000000000004025406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95267dc0fcf88962021-12-22 12:46:06.450root 11241100x80000000000000004025407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567fd2b67b3b51b2021-12-22 12:46:06.450root 11241100x80000000000000004025408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ccb9ba0586cffa2021-12-22 12:46:06.450root 11241100x80000000000000004025409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf976c0d6b67f502021-12-22 12:46:06.450root 11241100x80000000000000004025410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bfa2596d717ba52021-12-22 12:46:06.450root 11241100x80000000000000004025411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74b27470c7f05d32021-12-22 12:46:06.450root 11241100x80000000000000004025412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac7bdd512013a762021-12-22 12:46:06.450root 11241100x80000000000000004025413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330c22700057958f2021-12-22 12:46:06.450root 11241100x80000000000000004025414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6003b9f8b1cc04d42021-12-22 12:46:06.450root 11241100x80000000000000004025415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d96017bdd7efcc2021-12-22 12:46:06.450root 11241100x80000000000000004025416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2919e97c3467f82021-12-22 12:46:06.450root 11241100x80000000000000004025417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14388a63a0fe9c82021-12-22 12:46:06.450root 11241100x80000000000000004025418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c0ce5e7c9698b32021-12-22 12:46:06.450root 11241100x80000000000000004025419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062d4e261b327d8a2021-12-22 12:46:06.450root 11241100x80000000000000004025420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b343dda4458b86552021-12-22 12:46:06.450root 11241100x80000000000000004025421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af9974227be18542021-12-22 12:46:06.942root 11241100x80000000000000004025422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6c0dd6ef937a532021-12-22 12:46:06.943root 11241100x80000000000000004025423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd87489e3f3774932021-12-22 12:46:06.943root 11241100x80000000000000004025424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eda33a2e1cafab72021-12-22 12:46:06.943root 11241100x80000000000000004025425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33220329d76932602021-12-22 12:46:06.943root 11241100x80000000000000004025426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d97f60d6cc594a2021-12-22 12:46:06.943root 11241100x80000000000000004025427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a11f2cd73d568a2021-12-22 12:46:06.943root 11241100x80000000000000004025428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cedffb4274d71d32021-12-22 12:46:06.944root 11241100x80000000000000004025429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdffab291f58b182021-12-22 12:46:06.944root 11241100x80000000000000004025430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a762870be80ce0672021-12-22 12:46:06.944root 11241100x80000000000000004025431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b493eee67a39c4f42021-12-22 12:46:06.944root 11241100x80000000000000004025432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3919ed112ba9b82021-12-22 12:46:06.944root 11241100x80000000000000004025433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910bbccd6dc497e22021-12-22 12:46:06.944root 11241100x80000000000000004025434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fb9b44e32da2a2021-12-22 12:46:06.944root 11241100x80000000000000004025435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c4b4ca7b75a8562021-12-22 12:46:06.944root 11241100x80000000000000004025436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14de9510347a4f2021-12-22 12:46:06.944root 11241100x80000000000000004025437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6faff191f6b911062021-12-22 12:46:06.945root 11241100x80000000000000004025438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d9a62e4ef37fb2021-12-22 12:46:06.945root 11241100x80000000000000004025439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2171eb9e3b433b12021-12-22 12:46:06.945root 11241100x80000000000000004025440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e38690177401562021-12-22 12:46:06.945root 11241100x80000000000000004025441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb0ad7404bcf0052021-12-22 12:46:06.945root 11241100x80000000000000004025442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596af742bfecb2ef2021-12-22 12:46:06.946root 11241100x80000000000000004025443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ee64c8023693c2021-12-22 12:46:06.946root 11241100x80000000000000004025444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785e3dba207d23a02021-12-22 12:46:06.946root 11241100x80000000000000004025445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3199bd4485a9492021-12-22 12:46:06.946root 11241100x80000000000000004025446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951e53e3e46e2e3c2021-12-22 12:46:06.947root 11241100x80000000000000004025447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c49989a1bb0d0062021-12-22 12:46:06.947root 11241100x80000000000000004025448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77877d63735fea6a2021-12-22 12:46:06.947root 11241100x80000000000000004025449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc45de6df721c422021-12-22 12:46:06.947root 11241100x80000000000000004025450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d456c94c41b1ce42021-12-22 12:46:06.947root 11241100x80000000000000004025451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fca62a5556188142021-12-22 12:46:06.947root 11241100x80000000000000004025452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc292598b4ae0bd2021-12-22 12:46:06.947root 11241100x80000000000000004025453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a257c2ea6102e092021-12-22 12:46:06.948root 11241100x80000000000000004025454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f6de73366aa5bd2021-12-22 12:46:06.948root 11241100x80000000000000004025455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe18012f0a17b082021-12-22 12:46:06.948root 11241100x80000000000000004025456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7805ea7ba89493c2021-12-22 12:46:06.948root 11241100x80000000000000004025457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6e4be290891ed2021-12-22 12:46:06.948root 11241100x80000000000000004025458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7df71f88c48b1c52021-12-22 12:46:06.948root 11241100x80000000000000004025459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dab40c5dd911752021-12-22 12:46:06.948root 11241100x80000000000000004025460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c7d2d5de7e7ecf2021-12-22 12:46:06.948root 11241100x80000000000000004025461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c543a0d4e659b32021-12-22 12:46:06.948root 11241100x80000000000000004025462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a189fe2c8acef002021-12-22 12:46:06.949root 11241100x80000000000000004025463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d560672a7dac2672021-12-22 12:46:06.949root 11241100x80000000000000004025464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2444c83cfca2a92021-12-22 12:46:06.949root 11241100x80000000000000004025465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98f406e90891e862021-12-22 12:46:06.949root 11241100x80000000000000004025466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169ac32e2f335762021-12-22 12:46:06.949root 11241100x80000000000000004025467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7fd6105665d1ba2021-12-22 12:46:06.949root 11241100x80000000000000004025468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681aa45b1a97edf62021-12-22 12:46:06.949root 11241100x80000000000000004025469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cd4d395eb445e62021-12-22 12:46:06.949root 11241100x80000000000000004025470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c0b65fe78e33b62021-12-22 12:46:06.949root 11241100x80000000000000004025471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073d0287398f98f42021-12-22 12:46:06.949root 11241100x80000000000000004025472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab44a819d5df712021-12-22 12:46:06.950root 11241100x80000000000000004025473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e893571d11428e2021-12-22 12:46:06.950root 11241100x80000000000000004025474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9adf2d78be40bf2021-12-22 12:46:06.950root 11241100x80000000000000004025475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2a28a4576ff29b2021-12-22 12:46:06.950root 11241100x80000000000000004025476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89358d0e14604c3a2021-12-22 12:46:06.950root 11241100x80000000000000004025477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec8cd9fa4e6b0c2021-12-22 12:46:07.443root 11241100x80000000000000004025478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ae7b5cb3e267612021-12-22 12:46:07.443root 11241100x80000000000000004025479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdf155703f0ea372021-12-22 12:46:07.443root 11241100x80000000000000004025480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2781c454df4e62062021-12-22 12:46:07.444root 11241100x80000000000000004025481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17229be67930bbe2021-12-22 12:46:07.444root 11241100x80000000000000004025482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a069a204a86a022021-12-22 12:46:07.444root 11241100x80000000000000004025483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fab7dcb01c2e8b62021-12-22 12:46:07.444root 11241100x80000000000000004025484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a7c67a5581c622021-12-22 12:46:07.444root 11241100x80000000000000004025485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f15a8786d491a72021-12-22 12:46:07.445root 11241100x80000000000000004025486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0be878e4f3a8792021-12-22 12:46:07.445root 11241100x80000000000000004025487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18170f7c20f8e872021-12-22 12:46:07.445root 11241100x80000000000000004025488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cee3f13b5a6f0f32021-12-22 12:46:07.445root 11241100x80000000000000004025489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d3726bf72aaf5e2021-12-22 12:46:07.445root 11241100x80000000000000004025490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a946196e1b2ea7992021-12-22 12:46:07.446root 11241100x80000000000000004025491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e8affb4cc9f5482021-12-22 12:46:07.446root 11241100x80000000000000004025492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8bff66df9f18652021-12-22 12:46:07.446root 11241100x80000000000000004025493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50c6b64eab464a2021-12-22 12:46:07.446root 11241100x80000000000000004025494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba841a2549f92ed2021-12-22 12:46:07.446root 11241100x80000000000000004025495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc403a4908822bb62021-12-22 12:46:07.446root 11241100x80000000000000004025496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a167e157eea85d2021-12-22 12:46:07.447root 11241100x80000000000000004025497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5824ce658c68283e2021-12-22 12:46:07.447root 11241100x80000000000000004025498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca18c5f621651522021-12-22 12:46:07.447root 11241100x80000000000000004025499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec313fa1841ac6e82021-12-22 12:46:07.447root 11241100x80000000000000004025500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85eed41a12fc44d2021-12-22 12:46:07.447root 11241100x80000000000000004025501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e555fe55d6d13e962021-12-22 12:46:07.447root 11241100x80000000000000004025502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee64f7f094b8d712021-12-22 12:46:07.448root 11241100x80000000000000004025503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc205981fad7cbb2021-12-22 12:46:07.448root 11241100x80000000000000004025504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcad0e1cd5d3a7b2021-12-22 12:46:07.448root 11241100x80000000000000004025505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf858eabb8ce08e2021-12-22 12:46:07.448root 11241100x80000000000000004025506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d6ffd12866a11f2021-12-22 12:46:07.448root 11241100x80000000000000004025507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90fd17e48e98cf42021-12-22 12:46:07.449root 11241100x80000000000000004025508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51cda806f4fce152021-12-22 12:46:07.449root 11241100x80000000000000004025509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcd803ee16cb33a2021-12-22 12:46:07.449root 11241100x80000000000000004025510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c92bb444e850272021-12-22 12:46:07.449root 11241100x80000000000000004025511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01d0487af82dc8b2021-12-22 12:46:07.450root 11241100x80000000000000004025512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8497c7cad3d9c2021-12-22 12:46:07.450root 11241100x80000000000000004025513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5d5e6e04942f1f2021-12-22 12:46:07.450root 11241100x80000000000000004025514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3d6cfd3059d362021-12-22 12:46:07.450root 11241100x80000000000000004025515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90685daf950a5d1b2021-12-22 12:46:07.450root 11241100x80000000000000004025516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2792c6106cbc645c2021-12-22 12:46:07.451root 11241100x80000000000000004025517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7942f8f3e348eac2021-12-22 12:46:07.451root 11241100x80000000000000004025518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a50f90beda277a2021-12-22 12:46:07.451root 11241100x80000000000000004025519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257a41dd71908992021-12-22 12:46:07.943root 11241100x80000000000000004025520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e02e62e1554e222021-12-22 12:46:07.943root 11241100x80000000000000004025521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf2642a942be1d62021-12-22 12:46:07.943root 11241100x80000000000000004025522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49789e0ec7fb06962021-12-22 12:46:07.944root 11241100x80000000000000004025523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5837f87f11bdb062021-12-22 12:46:07.944root 11241100x80000000000000004025524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1707d0821485282021-12-22 12:46:07.944root 11241100x80000000000000004025525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671c8d71ef3a2392021-12-22 12:46:07.944root 11241100x80000000000000004025526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d2fc8a7c4a2b1b2021-12-22 12:46:07.945root 11241100x80000000000000004025527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bdddf008a604462021-12-22 12:46:07.945root 11241100x80000000000000004025528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e64467be8bae64c2021-12-22 12:46:07.945root 11241100x80000000000000004025529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33960c52c7d71772021-12-22 12:46:07.946root 11241100x80000000000000004025530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c581194592d949332021-12-22 12:46:07.946root 11241100x80000000000000004025531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9dc3fd22e43d172021-12-22 12:46:07.946root 11241100x80000000000000004025532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef13c254d5f5c492021-12-22 12:46:07.946root 11241100x80000000000000004025533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814990d1c30c9d12021-12-22 12:46:07.946root 11241100x80000000000000004025534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72296334a143251a2021-12-22 12:46:07.946root 11241100x80000000000000004025535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52cd827d274ac592021-12-22 12:46:07.946root 11241100x80000000000000004025536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f539d41ef580cd512021-12-22 12:46:07.947root 11241100x80000000000000004025537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117b9b9f84dc75f42021-12-22 12:46:07.947root 11241100x80000000000000004025538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e9a878f6aaa88a2021-12-22 12:46:07.947root 11241100x80000000000000004025539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b5cd652fcd8a352021-12-22 12:46:07.947root 11241100x80000000000000004025540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e83a34bb674f9a2021-12-22 12:46:07.947root 11241100x80000000000000004025541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e833b3ed6cc685f2021-12-22 12:46:07.947root 11241100x80000000000000004025542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886ae24c378caf82021-12-22 12:46:07.948root 11241100x80000000000000004025543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febec1dbbec29ec12021-12-22 12:46:07.948root 11241100x80000000000000004025544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347cb89fa5fecc4c2021-12-22 12:46:07.948root 11241100x80000000000000004025545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f71451c457a182021-12-22 12:46:07.948root 11241100x80000000000000004025546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b77864070ff3a252021-12-22 12:46:07.948root 11241100x80000000000000004025547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e044f3b4c15cb12021-12-22 12:46:07.948root 11241100x80000000000000004025548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff72865ee677a222021-12-22 12:46:07.948root 11241100x80000000000000004025549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a913a10df945ffb02021-12-22 12:46:07.948root 11241100x80000000000000004025550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed317d21063efc2021-12-22 12:46:07.949root 11241100x80000000000000004025551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60cb128d8ec84c82021-12-22 12:46:07.949root 11241100x80000000000000004025552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c52bc468827262021-12-22 12:46:07.949root 11241100x80000000000000004025553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32700330506d01ce2021-12-22 12:46:07.949root 11241100x80000000000000004025554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a320d7f77e37a2021-12-22 12:46:07.949root 11241100x80000000000000004025555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e32c020ca49abd82021-12-22 12:46:07.949root 11241100x80000000000000004025556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bacbd135df24be02021-12-22 12:46:07.950root 11241100x80000000000000004025557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff50cadbaf27e542021-12-22 12:46:07.950root 11241100x80000000000000004025558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959023ab2c417c592021-12-22 12:46:07.950root 11241100x80000000000000004025559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba6e047b4ec7d6f2021-12-22 12:46:08.443root 11241100x80000000000000004025560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324fec8c2c52fad2021-12-22 12:46:08.443root 11241100x80000000000000004025561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a00b313b6bdbd162021-12-22 12:46:08.443root 11241100x80000000000000004025562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d24e8a23d7336102021-12-22 12:46:08.444root 11241100x80000000000000004025563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc343aeca038cf82021-12-22 12:46:08.444root 11241100x80000000000000004025564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab572133dc5e3df72021-12-22 12:46:08.444root 11241100x80000000000000004025565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611da11dff1c07a82021-12-22 12:46:08.444root 11241100x80000000000000004025566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a986011996f4eae92021-12-22 12:46:08.444root 11241100x80000000000000004025567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d98d1d6d27a28352021-12-22 12:46:08.444root 11241100x80000000000000004025568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dabb2a9a2574832021-12-22 12:46:08.444root 11241100x80000000000000004025569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589f72dd799baf92021-12-22 12:46:08.444root 11241100x80000000000000004025570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d094f7be7cb4512021-12-22 12:46:08.444root 11241100x80000000000000004025571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402adffb96f822662021-12-22 12:46:08.444root 11241100x80000000000000004025572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b602bce52eb7ac2021-12-22 12:46:08.444root 11241100x80000000000000004025573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baf5c45a32c602a2021-12-22 12:46:08.444root 11241100x80000000000000004025574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f596630cc8f1fc72021-12-22 12:46:08.444root 11241100x80000000000000004025575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003c0beae8a3a4cd2021-12-22 12:46:08.445root 11241100x80000000000000004025576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651a3777afdd3f022021-12-22 12:46:08.445root 11241100x80000000000000004025577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba4ea4cea9d4932021-12-22 12:46:08.445root 11241100x80000000000000004025578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28144551eacde1782021-12-22 12:46:08.445root 11241100x80000000000000004025579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f96c2ceab86fe922021-12-22 12:46:08.445root 11241100x80000000000000004025580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7381afc6a0391c1e2021-12-22 12:46:08.445root 11241100x80000000000000004025581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a53d29f92788c3d2021-12-22 12:46:08.445root 11241100x80000000000000004025582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b38f3ba73374882021-12-22 12:46:08.445root 11241100x80000000000000004025583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf13b4ccb3662742021-12-22 12:46:08.445root 11241100x80000000000000004025584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a9c98c267118f62021-12-22 12:46:08.445root 11241100x80000000000000004025585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c57771a5b073532021-12-22 12:46:08.445root 11241100x80000000000000004025586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924f422dda56c0ee2021-12-22 12:46:08.445root 11241100x80000000000000004025587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de16b18f4c977a602021-12-22 12:46:08.445root 11241100x80000000000000004025588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2644eeccd4b3ed3e2021-12-22 12:46:08.445root 11241100x80000000000000004025589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af40f7de5c3a9c832021-12-22 12:46:08.445root 11241100x80000000000000004025590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb6e906c02f2d72021-12-22 12:46:08.445root 11241100x80000000000000004025591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f6b820e516b8a72021-12-22 12:46:08.943root 11241100x80000000000000004025592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec058f6217c92e2021-12-22 12:46:08.943root 11241100x80000000000000004025593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6b242ff8ec423c2021-12-22 12:46:08.943root 11241100x80000000000000004025594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a45145482d9cf92021-12-22 12:46:08.944root 11241100x80000000000000004025595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffee91962c279592021-12-22 12:46:08.944root 11241100x80000000000000004025596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe236031173a05d2021-12-22 12:46:08.944root 11241100x80000000000000004025597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbc4ff21204b7c82021-12-22 12:46:08.944root 11241100x80000000000000004025598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37d3e32555784c82021-12-22 12:46:08.944root 11241100x80000000000000004025599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d9ea36f0d89f982021-12-22 12:46:08.944root 11241100x80000000000000004025600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1beeaff9442b642021-12-22 12:46:08.945root 11241100x80000000000000004025601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f02eb76249cbf22021-12-22 12:46:08.945root 11241100x80000000000000004025602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd6567172e3b2d02021-12-22 12:46:08.945root 11241100x80000000000000004025603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513871ba046d4ace2021-12-22 12:46:08.945root 11241100x80000000000000004025604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d075b07c50b4720a2021-12-22 12:46:08.945root 11241100x80000000000000004025605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e9617e918d285f2021-12-22 12:46:08.945root 11241100x80000000000000004025606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409c517a06765c152021-12-22 12:46:08.946root 11241100x80000000000000004025607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ce452ca2adbbe22021-12-22 12:46:08.946root 11241100x80000000000000004025608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536f7aaa44e2cb8c2021-12-22 12:46:08.946root 11241100x80000000000000004025609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d823dd16056902021-12-22 12:46:08.946root 11241100x80000000000000004025610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4550c2ff874502021-12-22 12:46:08.946root 11241100x80000000000000004025611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b71af0ef76d0a22021-12-22 12:46:08.946root 11241100x80000000000000004025612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4afd1a6143fae52021-12-22 12:46:08.946root 11241100x80000000000000004025613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff09f6a1cc3f6c2021-12-22 12:46:08.946root 11241100x80000000000000004025614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf98b3cb673636b2021-12-22 12:46:08.946root 11241100x80000000000000004025615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb555c4b28cffbe82021-12-22 12:46:08.946root 11241100x80000000000000004025616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725b6db3b19a8792021-12-22 12:46:08.946root 11241100x80000000000000004025617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9344b51ff249e3132021-12-22 12:46:08.947root 11241100x80000000000000004025618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e4988519e620262021-12-22 12:46:08.947root 11241100x80000000000000004025619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7955e9de96ccb022021-12-22 12:46:08.947root 11241100x80000000000000004025620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aaca92c0ecbc142021-12-22 12:46:08.947root 11241100x80000000000000004025621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b560de4cf97f571b2021-12-22 12:46:08.947root 11241100x80000000000000004025622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5f7503dbb24e5c2021-12-22 12:46:08.947root 11241100x80000000000000004025623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f94a87b96779e92021-12-22 12:46:08.947root 11241100x80000000000000004025624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518ae450f49af9172021-12-22 12:46:08.948root 11241100x80000000000000004025625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6391c66c19ca42021-12-22 12:46:08.948root 11241100x80000000000000004025626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29ca5d44a85af1d2021-12-22 12:46:08.948root 11241100x80000000000000004025627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244dd940f25492a22021-12-22 12:46:08.948root 11241100x80000000000000004025628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f9548221d7e8ad2021-12-22 12:46:08.948root 11241100x80000000000000004025629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4db9255018b2f82021-12-22 12:46:08.949root 11241100x80000000000000004025630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e27eb9d652c5a0f2021-12-22 12:46:08.949root 11241100x80000000000000004025631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637bf45a72e394a2021-12-22 12:46:08.949root 11241100x80000000000000004025632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6a0a080fb439002021-12-22 12:46:08.949root 11241100x80000000000000004025633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d26acdc143fa9b92021-12-22 12:46:08.949root 11241100x80000000000000004025634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8bcde6e47ee8f2021-12-22 12:46:08.949root 11241100x80000000000000004025635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832fe52d07c139432021-12-22 12:46:08.949root 11241100x80000000000000004025636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56e56e1e0d1f15a2021-12-22 12:46:08.949root 11241100x80000000000000004025637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4823a4645b5d5c5c2021-12-22 12:46:08.949root 11241100x80000000000000004025638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d897de7dc25f292021-12-22 12:46:08.949root 11241100x80000000000000004025639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a40a7f4aa88eae2021-12-22 12:46:09.443root 11241100x80000000000000004025640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f9655bffcdf8742021-12-22 12:46:09.444root 11241100x80000000000000004025641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a384b58cdfbe622021-12-22 12:46:09.444root 11241100x80000000000000004025642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e8c0bda419ec112021-12-22 12:46:09.444root 11241100x80000000000000004025643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb4bd1b5587d8f2021-12-22 12:46:09.444root 11241100x80000000000000004025644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2427207e075d9d42021-12-22 12:46:09.444root 11241100x80000000000000004025645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eeb9c4cf1830dd72021-12-22 12:46:09.444root 11241100x80000000000000004025646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4e86f4097f7d92021-12-22 12:46:09.445root 11241100x80000000000000004025647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086c87b22a6589ad2021-12-22 12:46:09.445root 11241100x80000000000000004025648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a6be3d526192402021-12-22 12:46:09.445root 11241100x80000000000000004025649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbe6c4b0d97c5492021-12-22 12:46:09.445root 11241100x80000000000000004025650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d79a8fa09f375952021-12-22 12:46:09.445root 11241100x80000000000000004025651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c45c2df90871892021-12-22 12:46:09.445root 11241100x80000000000000004025652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8080e8b283131d372021-12-22 12:46:09.445root 11241100x80000000000000004025653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0e178cd365cd142021-12-22 12:46:09.445root 11241100x80000000000000004025654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15cca13b3089d002021-12-22 12:46:09.446root 11241100x80000000000000004025655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3dc9e0e78659462021-12-22 12:46:09.446root 11241100x80000000000000004025656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7dd53607a3cb12021-12-22 12:46:09.446root 11241100x80000000000000004025657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1514039b1311f4bb2021-12-22 12:46:09.446root 11241100x80000000000000004025658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583570f522d485b22021-12-22 12:46:09.446root 11241100x80000000000000004025659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99259b47a2f0920f2021-12-22 12:46:09.446root 11241100x80000000000000004025660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26b53e2c18ab4e22021-12-22 12:46:09.446root 11241100x80000000000000004025661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e44b424f9077dc2021-12-22 12:46:09.446root 11241100x80000000000000004025662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172a163659d72472021-12-22 12:46:09.446root 11241100x80000000000000004025663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d8ab8f3fa647422021-12-22 12:46:09.446root 11241100x80000000000000004025664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b75e161f21443ee2021-12-22 12:46:09.447root 11241100x80000000000000004025665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a534ca36995d5aa2021-12-22 12:46:09.447root 11241100x80000000000000004025666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efe3cc0be45f12a2021-12-22 12:46:09.447root 11241100x80000000000000004025667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e53c6d03fd870f2021-12-22 12:46:09.447root 11241100x80000000000000004025668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbd219d3de3f7502021-12-22 12:46:09.447root 11241100x80000000000000004025669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7594012f0d4fa2602021-12-22 12:46:09.447root 11241100x80000000000000004025670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e717002b5f53d32021-12-22 12:46:09.447root 11241100x80000000000000004025671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22ca65ad8d6cbe22021-12-22 12:46:09.447root 11241100x80000000000000004025672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d748a86dced3b932021-12-22 12:46:09.447root 11241100x80000000000000004025673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a52ef88c73e0482021-12-22 12:46:09.448root 11241100x80000000000000004025674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577bc938d6adef0c2021-12-22 12:46:09.943root 11241100x80000000000000004025675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277250128f80f3322021-12-22 12:46:09.943root 11241100x80000000000000004025676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3972a442e776555d2021-12-22 12:46:09.944root 11241100x80000000000000004025677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e212a0db0b4bc2021-12-22 12:46:09.944root 11241100x80000000000000004025678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d434a8babb7032021-12-22 12:46:09.944root 11241100x80000000000000004025679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7383fe3a037a90872021-12-22 12:46:09.944root 11241100x80000000000000004025680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c4620a10db60262021-12-22 12:46:09.945root 11241100x80000000000000004025681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53daab50feeefe2021-12-22 12:46:09.945root 11241100x80000000000000004025682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc34b11a055cf02021-12-22 12:46:09.945root 11241100x80000000000000004025683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c41cf4a32eff8e2021-12-22 12:46:09.945root 11241100x80000000000000004025684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1325b544db1d4c32021-12-22 12:46:09.946root 11241100x80000000000000004025685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ce3ec05437f6fd2021-12-22 12:46:09.946root 11241100x80000000000000004025686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ac03628273c3f02021-12-22 12:46:09.946root 11241100x80000000000000004025687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ea60cda4432e162021-12-22 12:46:09.946root 11241100x80000000000000004025688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd9eb9d6b09c2a2021-12-22 12:46:09.946root 11241100x80000000000000004025689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a53c03585ac76f72021-12-22 12:46:09.947root 11241100x80000000000000004025690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe070fdbb5b8822021-12-22 12:46:09.947root 11241100x80000000000000004025691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32ecb5a66a1f612021-12-22 12:46:09.947root 11241100x80000000000000004025692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba461c1e5ce93f2021-12-22 12:46:09.947root 11241100x80000000000000004025693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bf29870bb5d9c2021-12-22 12:46:09.947root 11241100x80000000000000004025694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df69d123a459fe702021-12-22 12:46:09.947root 11241100x80000000000000004025695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552810487f92f6212021-12-22 12:46:09.947root 11241100x80000000000000004025696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8b8eef00d6cf5d2021-12-22 12:46:09.947root 11241100x80000000000000004025697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3247925f709aa26a2021-12-22 12:46:09.947root 11241100x80000000000000004025698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7450c681079a10c92021-12-22 12:46:09.947root 11241100x80000000000000004025699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673dd960a99800302021-12-22 12:46:09.948root 11241100x80000000000000004025700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6870e8793d2e65d2021-12-22 12:46:09.948root 11241100x80000000000000004025701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a9bf9dc4a046d02021-12-22 12:46:09.948root 11241100x80000000000000004025702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b663c46173e0ff2021-12-22 12:46:09.948root 11241100x80000000000000004025703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e5b00488feafb2021-12-22 12:46:09.948root 11241100x80000000000000004025704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9220653bc9220fd92021-12-22 12:46:09.948root 11241100x80000000000000004025705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbee2890fcb178242021-12-22 12:46:09.948root 11241100x80000000000000004025706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf045c748553422021-12-22 12:46:09.948root 11241100x80000000000000004025707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121cf979606d2a9f2021-12-22 12:46:09.948root 11241100x80000000000000004025708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e5de96ca0a74de2021-12-22 12:46:09.948root 11241100x80000000000000004025709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2a184606be5202021-12-22 12:46:09.948root 11241100x80000000000000004025710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2569cce584a2c2882021-12-22 12:46:10.443root 11241100x80000000000000004025711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa4f68209fb578f2021-12-22 12:46:10.443root 11241100x80000000000000004025712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b48355e73a38182021-12-22 12:46:10.443root 11241100x80000000000000004025713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f65381200cc6812021-12-22 12:46:10.443root 11241100x80000000000000004025714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070cea18817e760f2021-12-22 12:46:10.444root 11241100x80000000000000004025715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905db53fba2d649b2021-12-22 12:46:10.444root 11241100x80000000000000004025716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec13de614214f9f2021-12-22 12:46:10.444root 11241100x80000000000000004025717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fb23948eb96a742021-12-22 12:46:10.444root 11241100x80000000000000004025718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa8c02c4eef66c22021-12-22 12:46:10.444root 11241100x80000000000000004025719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35291a8a93f2304a2021-12-22 12:46:10.444root 11241100x80000000000000004025720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9930031f1ac18c02021-12-22 12:46:10.444root 11241100x80000000000000004025721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6819796dd2d7602021-12-22 12:46:10.444root 11241100x80000000000000004025722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd4bedee1b9d842021-12-22 12:46:10.445root 11241100x80000000000000004025723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59550ce006175fa2021-12-22 12:46:10.445root 11241100x80000000000000004025724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97567878ded90c02021-12-22 12:46:10.445root 11241100x80000000000000004025725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6415d1dd4d35701c2021-12-22 12:46:10.445root 11241100x80000000000000004025726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefabf935c9817142021-12-22 12:46:10.446root 11241100x80000000000000004025727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a48e8326b4fc3e2021-12-22 12:46:10.446root 11241100x80000000000000004025728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78278bc0866756742021-12-22 12:46:10.446root 11241100x80000000000000004025729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58652cc2a3d82aae2021-12-22 12:46:10.446root 11241100x80000000000000004025730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bea274d00441722021-12-22 12:46:10.446root 11241100x80000000000000004025731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203b8331e819cf82021-12-22 12:46:10.446root 11241100x80000000000000004025732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fef0af704d798b2021-12-22 12:46:10.446root 11241100x80000000000000004025733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f07aaddd5dbf1fc2021-12-22 12:46:10.446root 11241100x80000000000000004025734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79b4af2ca26737d2021-12-22 12:46:10.447root 11241100x80000000000000004025735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16364cac97ca93a42021-12-22 12:46:10.447root 11241100x80000000000000004025736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822af2a425f6a7b52021-12-22 12:46:10.447root 11241100x80000000000000004025737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d572c8593233312021-12-22 12:46:10.447root 11241100x80000000000000004025738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de3379219b219892021-12-22 12:46:10.447root 11241100x80000000000000004025739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae670b4cc7850112021-12-22 12:46:10.447root 11241100x80000000000000004025740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f954805d77143792021-12-22 12:46:10.447root 11241100x80000000000000004025741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27186c033f0c21ca2021-12-22 12:46:10.447root 11241100x80000000000000004025742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f106e61a1634e042021-12-22 12:46:10.448root 11241100x80000000000000004025743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34d4a2262b7100c2021-12-22 12:46:10.448root 11241100x80000000000000004025744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c308760cf5726c2021-12-22 12:46:10.448root 11241100x80000000000000004025745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5b81f87f86a58f2021-12-22 12:46:10.448root 11241100x80000000000000004025746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b081cd7f08ea52021-12-22 12:46:10.448root 11241100x80000000000000004025747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be55a2ce88318812021-12-22 12:46:10.449root 11241100x80000000000000004025748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3674c3714883fa2021-12-22 12:46:10.449root 11241100x80000000000000004025749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8d2d031ea9090c2021-12-22 12:46:10.449root 11241100x80000000000000004025750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a84af2511f0bfad2021-12-22 12:46:10.450root 11241100x80000000000000004025751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f287c17d4afa0822021-12-22 12:46:10.450root 11241100x80000000000000004025752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb515215127c415d2021-12-22 12:46:10.450root 11241100x80000000000000004025753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77fa1c720597f082021-12-22 12:46:10.450root 11241100x80000000000000004025754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45fd4799d86a1db2021-12-22 12:46:10.450root 11241100x80000000000000004025755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b125fb3c199b8cd72021-12-22 12:46:10.450root 11241100x80000000000000004025756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b701762d49f5390b2021-12-22 12:46:10.943root 11241100x80000000000000004025757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb51be1db969e17d2021-12-22 12:46:10.943root 11241100x80000000000000004025758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef78e2a238452f2021-12-22 12:46:10.944root 11241100x80000000000000004025759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70604e2a64acc7182021-12-22 12:46:10.944root 11241100x80000000000000004025760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e2582ebe9225c2021-12-22 12:46:10.944root 11241100x80000000000000004025761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f79e6871fab65c2021-12-22 12:46:10.944root 11241100x80000000000000004025762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0839511b1502af2021-12-22 12:46:10.945root 11241100x80000000000000004025763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3437e98a01551ae2021-12-22 12:46:10.945root 11241100x80000000000000004025764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fe5fae21636beb2021-12-22 12:46:10.945root 11241100x80000000000000004025765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cf1f17b1314c9c2021-12-22 12:46:10.946root 11241100x80000000000000004025766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2637f41d5353a84a2021-12-22 12:46:10.946root 11241100x80000000000000004025767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7989a60ca42772021-12-22 12:46:10.947root 11241100x80000000000000004025768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e4ff31e1f884e92021-12-22 12:46:10.947root 11241100x80000000000000004025769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cf1ad1375ec7252021-12-22 12:46:10.947root 11241100x80000000000000004025770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b3128b205b8c402021-12-22 12:46:10.948root 11241100x80000000000000004025771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1291d9e9be6054d2021-12-22 12:46:10.948root 11241100x80000000000000004025772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99f35c51b512b92021-12-22 12:46:10.948root 11241100x80000000000000004025773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf895ce58606c47b2021-12-22 12:46:10.948root 11241100x80000000000000004025774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e31138dba3393652021-12-22 12:46:10.949root 11241100x80000000000000004025775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c97b10183b1baf2021-12-22 12:46:10.949root 11241100x80000000000000004025776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73a256a2887ce122021-12-22 12:46:10.949root 11241100x80000000000000004025777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b788def8614f5782021-12-22 12:46:10.949root 11241100x80000000000000004025778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962daf130d3710952021-12-22 12:46:10.950root 11241100x80000000000000004025779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89054b591b85590e2021-12-22 12:46:10.950root 11241100x80000000000000004025780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2bdae37ae9ce9c2021-12-22 12:46:10.950root 11241100x80000000000000004025781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6e585f71da6f302021-12-22 12:46:10.951root 11241100x80000000000000004025782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dda57c557ef1bb2021-12-22 12:46:10.951root 11241100x80000000000000004025783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d3500a1e85e6bc2021-12-22 12:46:10.951root 11241100x80000000000000004025784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c59e501447726c22021-12-22 12:46:10.951root 11241100x80000000000000004025785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c378b8960bf5bc372021-12-22 12:46:10.951root 11241100x80000000000000004025786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c105ed6ee4bb51ad2021-12-22 12:46:10.952root 11241100x80000000000000004025787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3930bd9d6b7c8fc22021-12-22 12:46:10.952root 11241100x80000000000000004025788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe55b968d687fe1b2021-12-22 12:46:10.952root 11241100x80000000000000004025789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e861710c6a1022ae2021-12-22 12:46:10.952root 11241100x80000000000000004025790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f93748a410a6e12021-12-22 12:46:10.952root 11241100x80000000000000004025791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a111bbf25e0c12021-12-22 12:46:10.952root 11241100x80000000000000004025792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f10dbc1d4d23e332021-12-22 12:46:10.953root 354300x80000000000000004025793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.237{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56880-false10.0.1.12-8000- 11241100x80000000000000004025794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4345887babe8993a2021-12-22 12:46:11.238root 11241100x80000000000000004025795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5552838138abf182021-12-22 12:46:11.238root 11241100x80000000000000004025796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd8e00fc23398542021-12-22 12:46:11.238root 11241100x80000000000000004025797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd638c0e1d374b2021-12-22 12:46:11.238root 11241100x80000000000000004025798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6dca5042ba9782021-12-22 12:46:11.238root 11241100x80000000000000004025799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c9d9d4677e4eaf2021-12-22 12:46:11.238root 11241100x80000000000000004025800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170d7b575ec5bcdf2021-12-22 12:46:11.238root 11241100x80000000000000004025801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e1541359b089492021-12-22 12:46:11.239root 11241100x80000000000000004025802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a60236508803332021-12-22 12:46:11.239root 11241100x80000000000000004025803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bf49fd89462c662021-12-22 12:46:11.239root 11241100x80000000000000004025804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3c41eabf825772021-12-22 12:46:11.239root 11241100x80000000000000004025805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37eaac2645d364662021-12-22 12:46:11.239root 11241100x80000000000000004025806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c3d7f9cf0351f2021-12-22 12:46:11.239root 11241100x80000000000000004025807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca272279a55149fe2021-12-22 12:46:11.239root 11241100x80000000000000004025808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d4783b2356e37e2021-12-22 12:46:11.240root 11241100x80000000000000004025809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d541bd14db6786ad2021-12-22 12:46:11.240root 11241100x80000000000000004025810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7015b6a3860bb82021-12-22 12:46:11.240root 11241100x80000000000000004025811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46cc1ee857f05192021-12-22 12:46:11.240root 11241100x80000000000000004025812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9715d50299e4a40b2021-12-22 12:46:11.240root 11241100x80000000000000004025813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3967525b8102202021-12-22 12:46:11.240root 11241100x80000000000000004025814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965e6e7c3cd6f292021-12-22 12:46:11.240root 11241100x80000000000000004025815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ee58badf7839ac2021-12-22 12:46:11.240root 11241100x80000000000000004025816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b314b8707cf3922021-12-22 12:46:11.240root 11241100x80000000000000004025817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2fb90cb00a13272021-12-22 12:46:11.240root 11241100x80000000000000004025818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31068c2d10e7d7862021-12-22 12:46:11.240root 11241100x80000000000000004025819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687601478ae87a72021-12-22 12:46:11.240root 11241100x80000000000000004025820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f790189cbc2ec462021-12-22 12:46:11.240root 11241100x80000000000000004025821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd1a429f7cecf642021-12-22 12:46:11.241root 11241100x80000000000000004025822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3ae5f35de8c4492021-12-22 12:46:11.241root 11241100x80000000000000004025823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a58d2f04177c37d2021-12-22 12:46:11.241root 11241100x80000000000000004025824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fef9025b4135a2021-12-22 12:46:11.241root 11241100x80000000000000004025825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1a9ef501a0c67a2021-12-22 12:46:11.241root 11241100x80000000000000004025826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673267282bb13e802021-12-22 12:46:11.241root 11241100x80000000000000004025827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f8930bc1223322021-12-22 12:46:11.241root 11241100x80000000000000004025828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c0ba9485e67ed92021-12-22 12:46:11.242root 11241100x80000000000000004025829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a6a10081e185fe2021-12-22 12:46:11.242root 11241100x80000000000000004025830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46676c396d8c97e2021-12-22 12:46:11.242root 11241100x80000000000000004025831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c2e0213b56f1c2021-12-22 12:46:11.242root 11241100x80000000000000004025832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b6394720dd6e82021-12-22 12:46:11.242root 11241100x80000000000000004025833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5dee4f0a11ef92021-12-22 12:46:11.242root 11241100x80000000000000004025834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b133f5093c3857722021-12-22 12:46:11.242root 11241100x80000000000000004025835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce86f2ea335222452021-12-22 12:46:11.242root 11241100x80000000000000004025836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5c5fa93b1123092021-12-22 12:46:11.242root 11241100x80000000000000004025837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397ece0a053c56892021-12-22 12:46:11.242root 11241100x80000000000000004025838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59009818edb624382021-12-22 12:46:11.242root 11241100x80000000000000004025839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59cb6c060753afa2021-12-22 12:46:11.242root 11241100x80000000000000004025840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5689134a8030412021-12-22 12:46:11.243root 11241100x80000000000000004025841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d770fc8c0bd46f2b2021-12-22 12:46:11.243root 11241100x80000000000000004025842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59691d283146defe2021-12-22 12:46:11.243root 11241100x80000000000000004025843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686b31c1bbeb0fe2021-12-22 12:46:11.243root 11241100x80000000000000004025844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc9a390e4eaee9d2021-12-22 12:46:11.243root 11241100x80000000000000004025845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426d9f9f4557f592021-12-22 12:46:11.243root 11241100x80000000000000004025846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4067935f4a75162021-12-22 12:46:11.243root 11241100x80000000000000004025847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a159d9e27737c18c2021-12-22 12:46:11.243root 11241100x80000000000000004025848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1c8f7a6e06e4372021-12-22 12:46:11.243root 11241100x80000000000000004025849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6ab99b08e7ae212021-12-22 12:46:11.243root 11241100x80000000000000004025850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a59a4f36af7e02021-12-22 12:46:11.243root 11241100x80000000000000004025851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebca06aa3f9062752021-12-22 12:46:11.244root 11241100x80000000000000004025852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7358fda63958212e2021-12-22 12:46:11.244root 11241100x80000000000000004025853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bda461f721f3e952021-12-22 12:46:11.244root 11241100x80000000000000004025854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78d1d98dbf630b2021-12-22 12:46:11.244root 11241100x80000000000000004025855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5afc1b159f3a5c2021-12-22 12:46:11.244root 11241100x80000000000000004025856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effccd562efd8602021-12-22 12:46:11.244root 11241100x80000000000000004025857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b0a18a2d73ebf02021-12-22 12:46:11.245root 11241100x80000000000000004025858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0efff079cd687c2021-12-22 12:46:11.245root 11241100x80000000000000004025859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9883318cdcfc812021-12-22 12:46:11.245root 11241100x80000000000000004025860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150777faed96e93f2021-12-22 12:46:11.246root 11241100x80000000000000004025861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca7e2d0969432c92021-12-22 12:46:11.246root 11241100x80000000000000004025862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0363d9130d9431e42021-12-22 12:46:11.246root 11241100x80000000000000004025863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d653b92c440453742021-12-22 12:46:11.246root 11241100x80000000000000004025864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572cc65c128b4aa2021-12-22 12:46:11.246root 11241100x80000000000000004025865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb5653a0fad4d82021-12-22 12:46:11.246root 11241100x80000000000000004025866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8094fa1abdec1c9c2021-12-22 12:46:11.246root 11241100x80000000000000004025867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e70f31839dea42021-12-22 12:46:11.246root 11241100x80000000000000004025868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04c0f4ea3d8f2a72021-12-22 12:46:11.246root 11241100x80000000000000004025869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f2a82623e277182021-12-22 12:46:11.247root 11241100x80000000000000004025870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e1015f3fc1dd32021-12-22 12:46:11.247root 11241100x80000000000000004025871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e362f46b2d40f3952021-12-22 12:46:11.247root 11241100x80000000000000004025872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9853239adc1b35862021-12-22 12:46:11.247root 11241100x80000000000000004025873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc2dc73e7c15e992021-12-22 12:46:11.248root 11241100x80000000000000004025874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c227e07081a8402021-12-22 12:46:11.249root 11241100x80000000000000004025875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ca3102807e92712021-12-22 12:46:11.249root 11241100x80000000000000004025876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e14194004ac9782021-12-22 12:46:11.249root 11241100x80000000000000004025877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c2f123981f0cd22021-12-22 12:46:11.249root 11241100x80000000000000004025878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8f7a17180da3532021-12-22 12:46:11.249root 11241100x80000000000000004025879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd2a29cfc5e28de2021-12-22 12:46:11.250root 11241100x80000000000000004025880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63671d6cc8cf91cf2021-12-22 12:46:11.250root 11241100x80000000000000004025881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e487c96791afe6a72021-12-22 12:46:11.250root 11241100x80000000000000004025882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8786080ddafb9432021-12-22 12:46:11.250root 11241100x80000000000000004025883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228309b0384fcc32021-12-22 12:46:11.250root 11241100x80000000000000004025884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569ea333229561dc2021-12-22 12:46:11.250root 11241100x80000000000000004025885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a71adc2bc4b0162021-12-22 12:46:11.250root 11241100x80000000000000004025886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad9759635eba3d2021-12-22 12:46:11.251root 11241100x80000000000000004025887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22b8a438ff3dc0b2021-12-22 12:46:11.251root 11241100x80000000000000004025888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963daa1ba3c7dc1c2021-12-22 12:46:11.251root 11241100x80000000000000004025889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad502bdda13bbe02021-12-22 12:46:11.251root 11241100x80000000000000004025890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18511fa5db8a20cf2021-12-22 12:46:11.251root 11241100x80000000000000004025891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2034d6f11b5ab42021-12-22 12:46:11.251root 11241100x80000000000000004025892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d892ad3602c389ee2021-12-22 12:46:11.251root 11241100x80000000000000004025893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bf3882030df58c2021-12-22 12:46:11.251root 11241100x80000000000000004025894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4e0a9bc3082f042021-12-22 12:46:11.252root 11241100x80000000000000004025895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa50882f8475b86c2021-12-22 12:46:11.252root 11241100x80000000000000004025896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759857a1917dfcbb2021-12-22 12:46:11.252root 11241100x80000000000000004025897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413439021915f9552021-12-22 12:46:11.252root 11241100x80000000000000004025898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895aa6bcabb741e42021-12-22 12:46:11.252root 11241100x80000000000000004025899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ddc92969e574b92021-12-22 12:46:11.252root 11241100x80000000000000004025900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fe764d67ff85362021-12-22 12:46:11.252root 11241100x80000000000000004025901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c770368adca0e08b2021-12-22 12:46:11.252root 11241100x80000000000000004025902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0325c1873e3252021-12-22 12:46:11.253root 11241100x80000000000000004025903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eca2ad94682fd22021-12-22 12:46:11.253root 11241100x80000000000000004025904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb09e6d89a23d3b2021-12-22 12:46:11.253root 11241100x80000000000000004025905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5680b21d7cdba2192021-12-22 12:46:11.253root 11241100x80000000000000004025906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af37246afab5aee2021-12-22 12:46:11.253root 11241100x80000000000000004025907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddbfb3f5669cfb32021-12-22 12:46:11.693root 11241100x80000000000000004025908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034fa1b48a8f98b92021-12-22 12:46:11.693root 11241100x80000000000000004025909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5d90090b0499112021-12-22 12:46:11.693root 11241100x80000000000000004025910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706881a080f99452021-12-22 12:46:11.693root 11241100x80000000000000004025911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c67109c71a0d8b2021-12-22 12:46:11.694root 11241100x80000000000000004025912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88819107ce51c6fc2021-12-22 12:46:11.694root 11241100x80000000000000004025913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286cc10657a3d25a2021-12-22 12:46:11.694root 11241100x80000000000000004025914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fdbefd796cb78e2021-12-22 12:46:11.694root 11241100x80000000000000004025915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c3a3e38b6960d62021-12-22 12:46:11.694root 11241100x80000000000000004025916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e97cc15321f112021-12-22 12:46:11.694root 11241100x80000000000000004025917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f93280341d862332021-12-22 12:46:11.694root 11241100x80000000000000004025918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cada7b7c30951ce82021-12-22 12:46:11.694root 11241100x80000000000000004025919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35059c91ef9a942021-12-22 12:46:11.694root 11241100x80000000000000004025920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eb4af8cc8de53d2021-12-22 12:46:11.694root 11241100x80000000000000004025921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d6365c7c90bc62021-12-22 12:46:11.694root 11241100x80000000000000004025922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb29b57e26b583ed2021-12-22 12:46:11.695root 11241100x80000000000000004025923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41014a2b03e95122021-12-22 12:46:11.695root 11241100x80000000000000004025924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20215e8105028172021-12-22 12:46:11.695root 11241100x80000000000000004025925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc1f165af4306db2021-12-22 12:46:11.695root 11241100x80000000000000004025926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2704ed22e3e6fca12021-12-22 12:46:11.695root 11241100x80000000000000004025927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc5e16e072ff8f2021-12-22 12:46:11.695root 11241100x80000000000000004025928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e154ce84fba77e2021-12-22 12:46:11.695root 11241100x80000000000000004025929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bee9a96592b81c12021-12-22 12:46:11.695root 11241100x80000000000000004025930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b656edbd60b76962021-12-22 12:46:11.695root 11241100x80000000000000004025931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fe0135221667f52021-12-22 12:46:11.696root 11241100x80000000000000004025932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2c67c0afbd21222021-12-22 12:46:11.696root 11241100x80000000000000004025933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1d387d06714562021-12-22 12:46:11.696root 11241100x80000000000000004025934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afbc3c0a54ebaa52021-12-22 12:46:11.696root 11241100x80000000000000004025935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58383b1c7d715d502021-12-22 12:46:11.696root 11241100x80000000000000004025936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6773d41a90c01302021-12-22 12:46:11.696root 11241100x80000000000000004025937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdb4eb370f175d22021-12-22 12:46:11.696root 11241100x80000000000000004025938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bac76630fe408b2021-12-22 12:46:11.696root 11241100x80000000000000004025939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719312a83987748b2021-12-22 12:46:11.696root 11241100x80000000000000004025940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c34eafc125b48282021-12-22 12:46:11.697root 11241100x80000000000000004025941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9089d784f286c92021-12-22 12:46:11.697root 11241100x80000000000000004025942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa0acb7ca19ea3a2021-12-22 12:46:11.697root 11241100x80000000000000004025943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a8faeeb67335b92021-12-22 12:46:11.697root 11241100x80000000000000004025944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c54551c4053c5a2021-12-22 12:46:11.697root 11241100x80000000000000004025945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3341e47c69ebe2402021-12-22 12:46:11.697root 11241100x80000000000000004025946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e3704888ed351d2021-12-22 12:46:11.698root 11241100x80000000000000004025947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6128f8ca62c7937d2021-12-22 12:46:11.698root 11241100x80000000000000004025948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4b26d33fe123382021-12-22 12:46:11.698root 11241100x80000000000000004025949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60d5b2a408748082021-12-22 12:46:11.698root 11241100x80000000000000004025950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c52cc38a5d86b22021-12-22 12:46:11.698root 11241100x80000000000000004025951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeb4a915a79a71d2021-12-22 12:46:11.698root 11241100x80000000000000004025952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d98936b4dbe7e1c2021-12-22 12:46:11.699root 11241100x80000000000000004025953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741e3c9d519b24da2021-12-22 12:46:11.699root 11241100x80000000000000004025954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00900bc2c2ae40c92021-12-22 12:46:11.699root 11241100x80000000000000004025955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282e206acaa05ae22021-12-22 12:46:11.699root 11241100x80000000000000004025956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6b4ba464e5abd2021-12-22 12:46:11.699root 11241100x80000000000000004025957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f856ac287e781b372021-12-22 12:46:11.700root 11241100x80000000000000004025958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0cb813b1e0ae402021-12-22 12:46:11.700root 11241100x80000000000000004025959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68f52f5486781db2021-12-22 12:46:11.700root 11241100x80000000000000004025960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4b44937fa0c0072021-12-22 12:46:11.700root 11241100x80000000000000004025961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f77e801e9044e52021-12-22 12:46:11.700root 11241100x80000000000000004025962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ca2e9210c6dd6d2021-12-22 12:46:11.700root 11241100x80000000000000004025963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5345c837b22009ed2021-12-22 12:46:11.700root 11241100x80000000000000004025964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd071342c21d1032021-12-22 12:46:11.701root 11241100x80000000000000004025965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee2ad2ca6758bba2021-12-22 12:46:11.701root 11241100x80000000000000004025966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a764a3763f68cd4c2021-12-22 12:46:11.701root 11241100x80000000000000004025967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43480df161a4efa42021-12-22 12:46:11.701root 11241100x80000000000000004025968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ed1f6c986c5bc2021-12-22 12:46:11.701root 11241100x80000000000000004025969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f890cf3072a76b2021-12-22 12:46:11.701root 11241100x80000000000000004025970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f67b47867db402021-12-22 12:46:11.702root 11241100x80000000000000004025971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dffd3c16ccb91712021-12-22 12:46:11.702root 11241100x80000000000000004025972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d67b3e922fb4032021-12-22 12:46:11.702root 11241100x80000000000000004025973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299f25fc3e364152021-12-22 12:46:11.702root 11241100x80000000000000004025974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d077252f97c6e62021-12-22 12:46:11.702root 11241100x80000000000000004025975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e317a8e5c140a942021-12-22 12:46:11.702root 11241100x80000000000000004025976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b5107dad2805552021-12-22 12:46:11.703root 11241100x80000000000000004025977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505302b7e6deaed02021-12-22 12:46:11.703root 11241100x80000000000000004025978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c307793f159d7b2021-12-22 12:46:11.703root 11241100x80000000000000004025979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a212271b737d50932021-12-22 12:46:11.703root 11241100x80000000000000004025980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2143d688b87698f2021-12-22 12:46:12.192root 11241100x80000000000000004025981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a38dd1293e93102021-12-22 12:46:12.193root 11241100x80000000000000004025982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f87f1427dcafc8c2021-12-22 12:46:12.193root 11241100x80000000000000004025983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69a846f634544062021-12-22 12:46:12.193root 11241100x80000000000000004025984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67740bfbc391faae2021-12-22 12:46:12.194root 11241100x80000000000000004025985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95591110eb342b42021-12-22 12:46:12.194root 11241100x80000000000000004025986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee0cd7b770e7dc52021-12-22 12:46:12.194root 11241100x80000000000000004025987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e614ed5d1f30e2021-12-22 12:46:12.195root 11241100x80000000000000004025988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cb7addac92edde2021-12-22 12:46:12.195root 11241100x80000000000000004025989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2714f485f778cb102021-12-22 12:46:12.195root 11241100x80000000000000004025990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6305c1965eae97bf2021-12-22 12:46:12.196root 11241100x80000000000000004025991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b68907e548a2802021-12-22 12:46:12.196root 11241100x80000000000000004025992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8811153daf6317172021-12-22 12:46:12.196root 11241100x80000000000000004025993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6b38d355f77932021-12-22 12:46:12.196root 11241100x80000000000000004025994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7558a61945d33f92021-12-22 12:46:12.196root 11241100x80000000000000004025995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07c1b72b19a8f332021-12-22 12:46:12.196root 11241100x80000000000000004025996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80ab26740676f62021-12-22 12:46:12.196root 11241100x80000000000000004025997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516681b533133f52021-12-22 12:46:12.196root 11241100x80000000000000004025998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08117cb157dba062021-12-22 12:46:12.197root 11241100x80000000000000004025999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e1ee71ba1d5c932021-12-22 12:46:12.197root 11241100x80000000000000004026000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3544c3f751e7572021-12-22 12:46:12.197root 11241100x80000000000000004026001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f505ec0d4dc529f62021-12-22 12:46:12.197root 11241100x80000000000000004026002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68afbe767776bd2021-12-22 12:46:12.197root 11241100x80000000000000004026003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7996ba328cdf2ec12021-12-22 12:46:12.197root 11241100x80000000000000004026004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4020dd5482a8e8c2021-12-22 12:46:12.197root 11241100x80000000000000004026005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49c249b03d22802021-12-22 12:46:12.197root 11241100x80000000000000004026006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b60043254d2172021-12-22 12:46:12.197root 11241100x80000000000000004026007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e532d1ceca4c3962021-12-22 12:46:12.197root 11241100x80000000000000004026008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7d2ebf6bb758612021-12-22 12:46:12.198root 11241100x80000000000000004026009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77274a93b7352362021-12-22 12:46:12.198root 11241100x80000000000000004026010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cdd90b66b3f8842021-12-22 12:46:12.198root 11241100x80000000000000004026011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dddf04e4187bed72021-12-22 12:46:12.198root 11241100x80000000000000004026012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03cb1da82d4d3722021-12-22 12:46:12.198root 11241100x80000000000000004026013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a085b3d5625920d92021-12-22 12:46:12.198root 11241100x80000000000000004026014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994be8b77c002f502021-12-22 12:46:12.198root 11241100x80000000000000004026015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3258a3efc6d945712021-12-22 12:46:12.198root 11241100x80000000000000004026016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7cce3527187aba2021-12-22 12:46:12.198root 11241100x80000000000000004026017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f06f15788e2b52021-12-22 12:46:12.198root 11241100x80000000000000004026018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163302f6ba0b6bd22021-12-22 12:46:12.199root 11241100x80000000000000004026019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08083d53cece84722021-12-22 12:46:12.199root 11241100x80000000000000004026020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3efb8b59c9a55b22021-12-22 12:46:12.199root 11241100x80000000000000004026021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce1b82f179b2872021-12-22 12:46:12.693root 11241100x80000000000000004026022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a2ee08852bdc432021-12-22 12:46:12.693root 11241100x80000000000000004026023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06349dbd5040b9762021-12-22 12:46:12.693root 11241100x80000000000000004026024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ec59d45d1cbd2a2021-12-22 12:46:12.694root 11241100x80000000000000004026025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca50b0744becd3732021-12-22 12:46:12.694root 11241100x80000000000000004026026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99272f980ebbcb12021-12-22 12:46:12.694root 11241100x80000000000000004026027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e266db67f90600392021-12-22 12:46:12.694root 11241100x80000000000000004026028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32990a86fc2d48662021-12-22 12:46:12.694root 11241100x80000000000000004026029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e244187df6185c3d2021-12-22 12:46:12.694root 11241100x80000000000000004026030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a18072891322472021-12-22 12:46:12.694root 11241100x80000000000000004026031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c8ea3f786932202021-12-22 12:46:12.695root 11241100x80000000000000004026032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbbcf5e525db1902021-12-22 12:46:12.695root 11241100x80000000000000004026033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f381544dce354e2021-12-22 12:46:12.695root 11241100x80000000000000004026034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4236f0d3a5e712e42021-12-22 12:46:12.695root 11241100x80000000000000004026035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef19dfeb734a6f1c2021-12-22 12:46:12.697root 11241100x80000000000000004026036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9e867bc5288892021-12-22 12:46:12.697root 11241100x80000000000000004026037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05797f73018410382021-12-22 12:46:12.697root 11241100x80000000000000004026038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59040eddd9f96bc32021-12-22 12:46:12.698root 11241100x80000000000000004026039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b108e511c29ada7f2021-12-22 12:46:12.698root 11241100x80000000000000004026040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906444762ed4434d2021-12-22 12:46:12.698root 11241100x80000000000000004026041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78eff3380131fb02021-12-22 12:46:12.698root 11241100x80000000000000004026042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc870b6a2be62882021-12-22 12:46:12.698root 11241100x80000000000000004026043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920df6e6ed348da92021-12-22 12:46:12.698root 11241100x80000000000000004026044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae4397170e49a062021-12-22 12:46:12.698root 11241100x80000000000000004026045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f8b91d64863e8b2021-12-22 12:46:12.699root 11241100x80000000000000004026046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4dcdce523d49b62021-12-22 12:46:12.699root 11241100x80000000000000004026047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6727d2b30d47972021-12-22 12:46:12.699root 11241100x80000000000000004026048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab9255ae548cd632021-12-22 12:46:12.699root 11241100x80000000000000004026049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67369f932d1387362021-12-22 12:46:12.699root 11241100x80000000000000004026050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640dfbfa9ac651552021-12-22 12:46:12.699root 11241100x80000000000000004026051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20c83254b9276e2021-12-22 12:46:12.699root 11241100x80000000000000004026052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d827f87df1cdd372021-12-22 12:46:12.700root 11241100x80000000000000004026053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eaa0c97ff95a042021-12-22 12:46:12.700root 11241100x80000000000000004026054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452baaeb23de966a2021-12-22 12:46:12.700root 11241100x80000000000000004026055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b66a6b15e4e09d2021-12-22 12:46:12.700root 11241100x80000000000000004026056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae10bae4cb28a7602021-12-22 12:46:12.700root 11241100x80000000000000004026057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d5df8ab9777142021-12-22 12:46:12.700root 11241100x80000000000000004026058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256b3b9f210145b72021-12-22 12:46:12.700root 11241100x80000000000000004026059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ef88a99409a6b62021-12-22 12:46:12.700root 11241100x80000000000000004026060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:12.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97131ff9fce46f612021-12-22 12:46:12.700root 11241100x80000000000000004026061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88611f5044545fcd2021-12-22 12:46:13.193root 11241100x80000000000000004026062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7a3b46ba6cb082021-12-22 12:46:13.194root 11241100x80000000000000004026063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ff548defbf840c2021-12-22 12:46:13.194root 11241100x80000000000000004026064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63763bcb22079b232021-12-22 12:46:13.194root 11241100x80000000000000004026065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3e36ee54d10b972021-12-22 12:46:13.194root 11241100x80000000000000004026066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626a752f2cee94c2021-12-22 12:46:13.194root 11241100x80000000000000004026067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95615d303e237f22021-12-22 12:46:13.195root 11241100x80000000000000004026068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6124745eafb177e12021-12-22 12:46:13.195root 11241100x80000000000000004026069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e1c08e186beae62021-12-22 12:46:13.195root 11241100x80000000000000004026070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b72fd164ca8b912021-12-22 12:46:13.195root 11241100x80000000000000004026071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754aeff720b0f8522021-12-22 12:46:13.195root 11241100x80000000000000004026072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33b087f5ac91edc2021-12-22 12:46:13.195root 11241100x80000000000000004026073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cc0f109212d24e2021-12-22 12:46:13.196root 11241100x80000000000000004026074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b29cf5470a73272021-12-22 12:46:13.196root 11241100x80000000000000004026075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee83bbe3917307672021-12-22 12:46:13.196root 11241100x80000000000000004026076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ff0f58bdd5bc4a2021-12-22 12:46:13.196root 11241100x80000000000000004026077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c9b4f4024739fb2021-12-22 12:46:13.196root 11241100x80000000000000004026078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e64035ed1ff7e72021-12-22 12:46:13.196root 11241100x80000000000000004026079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1f69cdbb8ccc02021-12-22 12:46:13.196root 11241100x80000000000000004026080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1b7ee2524d992c2021-12-22 12:46:13.197root 11241100x80000000000000004026081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d7b217fb2df6a2021-12-22 12:46:13.197root 11241100x80000000000000004026082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535f084e606089282021-12-22 12:46:13.197root 11241100x80000000000000004026083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908ce23d089d15af2021-12-22 12:46:13.197root 11241100x80000000000000004026084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9744006ecd25bba2021-12-22 12:46:13.197root 11241100x80000000000000004026085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f15a2d99eb51152021-12-22 12:46:13.197root 11241100x80000000000000004026086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fdb66efc726772021-12-22 12:46:13.198root 11241100x80000000000000004026087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8f8ee97bb143022021-12-22 12:46:13.198root 11241100x80000000000000004026088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9798d87ea55989b82021-12-22 12:46:13.198root 11241100x80000000000000004026089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d678941138d793962021-12-22 12:46:13.198root 11241100x80000000000000004026090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b33c3991ea9c12021-12-22 12:46:13.198root 11241100x80000000000000004026091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c05a625abf20c212021-12-22 12:46:13.198root 11241100x80000000000000004026092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f17c3bda9884b62021-12-22 12:46:13.198root 11241100x80000000000000004026093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c29ce2816651f842021-12-22 12:46:13.199root 11241100x80000000000000004026094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa4f5d0179e0f8e2021-12-22 12:46:13.199root 11241100x80000000000000004026095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515fa7334c3fbe4c2021-12-22 12:46:13.199root 11241100x80000000000000004026096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5691f7ed02b1c782021-12-22 12:46:13.199root 11241100x80000000000000004026097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d0ba2e659a0c02021-12-22 12:46:13.199root 11241100x80000000000000004026098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d234853db09265e2021-12-22 12:46:13.199root 11241100x80000000000000004026099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d178ab2dbd609b32021-12-22 12:46:13.200root 11241100x80000000000000004026100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e405530bca2520602021-12-22 12:46:13.200root 11241100x80000000000000004026101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5bf9f94edc733f2021-12-22 12:46:13.200root 11241100x80000000000000004026102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba485167455699592021-12-22 12:46:13.200root 11241100x80000000000000004026103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e569a2f4a741fd152021-12-22 12:46:13.200root 11241100x80000000000000004026104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c272356e6de063d2021-12-22 12:46:13.200root 11241100x80000000000000004026105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421fd718c5b9bc812021-12-22 12:46:13.200root 11241100x80000000000000004026106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db18dc917cc0f3a2021-12-22 12:46:13.201root 11241100x80000000000000004026107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1809db09735369792021-12-22 12:46:13.201root 11241100x80000000000000004026108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a36f0783fb6c3f72021-12-22 12:46:13.201root 11241100x80000000000000004026109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3645a6dbb35eb7d42021-12-22 12:46:13.201root 11241100x80000000000000004026110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9d22b69a3825b2021-12-22 12:46:13.201root 11241100x80000000000000004026111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099511078e71fc402021-12-22 12:46:13.201root 11241100x80000000000000004026112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459de7f907b50742021-12-22 12:46:13.202root 11241100x80000000000000004026113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8608740ee0d4f2021-12-22 12:46:13.202root 11241100x80000000000000004026114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670522c8979c35532021-12-22 12:46:13.202root 11241100x80000000000000004026115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0f6cf4985dae7f2021-12-22 12:46:13.202root 11241100x80000000000000004026116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a93db29eea573182021-12-22 12:46:13.202root 11241100x80000000000000004026117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928e620a58ff58dc2021-12-22 12:46:13.202root 11241100x80000000000000004026118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e5f70bdf3cca5c2021-12-22 12:46:13.202root 11241100x80000000000000004026119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4cc490d17d13a92021-12-22 12:46:13.203root 11241100x80000000000000004026120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470ae5b03c4cbae22021-12-22 12:46:13.203root 11241100x80000000000000004026121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661c314682e5e9e52021-12-22 12:46:13.203root 11241100x80000000000000004026122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800dbc88d89b3bf02021-12-22 12:46:13.203root 11241100x80000000000000004026123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ab803dd778e93c2021-12-22 12:46:13.203root 11241100x80000000000000004026124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc51f850754d7032021-12-22 12:46:13.203root 11241100x80000000000000004026125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea30a4a94550f772021-12-22 12:46:13.203root 11241100x80000000000000004026126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c3f664adfd22982021-12-22 12:46:13.203root 11241100x80000000000000004026127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce1977db78f46f22021-12-22 12:46:13.203root 11241100x80000000000000004026128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891f6a442f05f46d2021-12-22 12:46:13.204root 11241100x80000000000000004026129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a225542af171c522021-12-22 12:46:13.204root 11241100x80000000000000004026130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b407f4bbc2acccf2021-12-22 12:46:13.204root 11241100x80000000000000004026131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711816532080b8ef2021-12-22 12:46:13.204root 11241100x80000000000000004026132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e962aa79178c425e2021-12-22 12:46:13.204root 11241100x80000000000000004026133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b3b3107a865282021-12-22 12:46:13.204root 11241100x80000000000000004026134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f317704d7f67f7262021-12-22 12:46:13.204root 11241100x80000000000000004026135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee36bd4a494d75ee2021-12-22 12:46:13.205root 11241100x80000000000000004026136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6323f0a16e68bbf12021-12-22 12:46:13.205root 11241100x80000000000000004026137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a253557515ce41c62021-12-22 12:46:13.205root 11241100x80000000000000004026138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cab8dc80f86aa82021-12-22 12:46:13.205root 11241100x80000000000000004026139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce4c9b8307aaa852021-12-22 12:46:13.205root 11241100x80000000000000004026140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54a32782a25f6f12021-12-22 12:46:13.205root 11241100x80000000000000004026141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4c4d46216f48302021-12-22 12:46:13.206root 11241100x80000000000000004026142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af8d7a8f6663772021-12-22 12:46:13.206root 11241100x80000000000000004026143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f36510969b6d182021-12-22 12:46:13.206root 11241100x80000000000000004026144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0ef7097ba432f52021-12-22 12:46:13.206root 11241100x80000000000000004026145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9718efa52db27a2021-12-22 12:46:13.206root 11241100x80000000000000004026146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec065acc9fea8672021-12-22 12:46:13.206root 11241100x80000000000000004026147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602b9048cb54eb642021-12-22 12:46:13.207root 11241100x80000000000000004026148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e6eb15193e6c92021-12-22 12:46:13.207root 11241100x80000000000000004026149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d17d3afc133af32021-12-22 12:46:13.207root 11241100x80000000000000004026150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4301dfa199c2c4b32021-12-22 12:46:13.207root 11241100x80000000000000004026151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025ca969d7d845a2021-12-22 12:46:13.207root 11241100x80000000000000004026152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de00bec11fdf9fad2021-12-22 12:46:13.207root 11241100x80000000000000004026153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f648b8002af6233f2021-12-22 12:46:13.207root 11241100x80000000000000004026154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa898becb9d100a2021-12-22 12:46:13.208root 11241100x80000000000000004026155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142a2e229e7d89f2021-12-22 12:46:13.208root 11241100x80000000000000004026156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0f4cbbae295fd32021-12-22 12:46:13.208root 11241100x80000000000000004026157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9867873b57c4902021-12-22 12:46:13.208root 11241100x80000000000000004026158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d111b46b877192021-12-22 12:46:13.208root 11241100x80000000000000004026159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f677c339c659682021-12-22 12:46:13.208root 11241100x80000000000000004026160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3749962b2f8a8ab2021-12-22 12:46:13.208root 11241100x80000000000000004026161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df3d77e81d010c32021-12-22 12:46:13.208root 11241100x80000000000000004026162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa7a75ec94f40c82021-12-22 12:46:13.208root 11241100x80000000000000004026163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c64dfae319bf2282021-12-22 12:46:13.208root 11241100x80000000000000004026164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c2804f0f54f842021-12-22 12:46:13.209root 11241100x80000000000000004026165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f2d1cc329102d2021-12-22 12:46:13.209root 11241100x80000000000000004026166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df642cb6b4d023ee2021-12-22 12:46:13.209root 11241100x80000000000000004026167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa1d41e22db315e2021-12-22 12:46:13.209root 11241100x80000000000000004026168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27087e509c3f01c2021-12-22 12:46:13.209root 11241100x80000000000000004026169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2995b7e690224362021-12-22 12:46:13.209root 11241100x80000000000000004026170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6dfddca398d2742021-12-22 12:46:13.209root 11241100x80000000000000004026171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4624e6020a85fd6e2021-12-22 12:46:13.209root 11241100x80000000000000004026172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f975e848e868fdb2021-12-22 12:46:13.209root 11241100x80000000000000004026173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3c51f9dd774ff22021-12-22 12:46:13.209root 11241100x80000000000000004026174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca14ffe2d9ed6122021-12-22 12:46:13.209root 154100x80000000000000004026175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.572{ec2b6afe-1e15-61c3-e8d6-c4b669550000}22725/bin/ls-----ls --color=auto -l/lib/modules/5.4.0-1060-aws/kernel/driversubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004026176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9b9306022acab02021-12-22 12:46:13.574root 11241100x80000000000000004026177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3a2a9d1e5580cf2021-12-22 12:46:13.574root 534500x80000000000000004026178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.575{ec2b6afe-1e15-61c3-e8d6-c4b669550000}22725/bin/lsubuntu 11241100x80000000000000004026179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.575{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d063bb48a8f7672021-12-22 12:46:13.575root 11241100x80000000000000004026180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.575{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889ff90f9e5daea32021-12-22 12:46:13.575root 11241100x80000000000000004026181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.575{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bafa63eb0756c2021-12-22 12:46:13.575root 11241100x80000000000000004026182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.576{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d53037cb1f28d2021-12-22 12:46:13.576root 11241100x80000000000000004026183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.576{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c17699fcb7ab9102021-12-22 12:46:13.576root 11241100x80000000000000004026184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.576{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b158cf629282692021-12-22 12:46:13.576root 11241100x80000000000000004026185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.576{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0344559f27373f02021-12-22 12:46:13.576root 11241100x80000000000000004026186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.577{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930f925e1fd36cd2021-12-22 12:46:13.577root 11241100x80000000000000004026187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.577{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541aa17f6fb5b132021-12-22 12:46:13.577root 11241100x80000000000000004026188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.577{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b73e150bc06e82021-12-22 12:46:13.577root 11241100x80000000000000004026189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.578{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606c01a34f6d222f2021-12-22 12:46:13.578root 11241100x80000000000000004026190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.578{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d443e29430a2b02021-12-22 12:46:13.578root 11241100x80000000000000004026191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.578{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45796e0c89ab0402021-12-22 12:46:13.578root 11241100x80000000000000004026192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9287b4a2cc997c2021-12-22 12:46:13.579root 11241100x80000000000000004026193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44885050e9c3cd52021-12-22 12:46:13.579root 11241100x80000000000000004026194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d8f71f7cb16ee2021-12-22 12:46:13.579root 11241100x80000000000000004026195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e5b1f1f921f2a2021-12-22 12:46:13.579root 11241100x80000000000000004026196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9423559130a12df82021-12-22 12:46:13.579root 11241100x80000000000000004026197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dcc02b579b59962021-12-22 12:46:13.579root 11241100x80000000000000004026198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab53c2f62d4c6de2021-12-22 12:46:13.579root 11241100x80000000000000004026199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac82e6a653478452021-12-22 12:46:13.580root 11241100x80000000000000004026200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b172e4637c1adf82021-12-22 12:46:13.580root 11241100x80000000000000004026201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6508ecc228952552021-12-22 12:46:13.580root 11241100x80000000000000004026202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722920a806f81cf2021-12-22 12:46:13.580root 11241100x80000000000000004026203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8a7b121b10bf12021-12-22 12:46:13.580root 11241100x80000000000000004026204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421abe94cdf9b7652021-12-22 12:46:13.580root 11241100x80000000000000004026205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26265d803247d852021-12-22 12:46:13.580root 11241100x80000000000000004026206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c47680766b3a52021-12-22 12:46:13.580root 11241100x80000000000000004026207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e7f8286f9fa832021-12-22 12:46:13.580root 11241100x80000000000000004026208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b995d7e143727a2021-12-22 12:46:13.581root 11241100x80000000000000004026209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e0020095e686f2021-12-22 12:46:13.581root 11241100x80000000000000004026210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb7f2088f4b3022021-12-22 12:46:13.581root 11241100x80000000000000004026211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43e728ea8df8ec92021-12-22 12:46:13.581root 11241100x80000000000000004026212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f818f3d61df4c93e2021-12-22 12:46:13.581root 11241100x80000000000000004026213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035cf4ac7f6f47de2021-12-22 12:46:13.581root 11241100x80000000000000004026214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae29ea20d92eba62021-12-22 12:46:13.581root 11241100x80000000000000004026215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.581{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c60783d8b83972021-12-22 12:46:13.581root 11241100x80000000000000004026216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3098269ac95952021-12-22 12:46:13.943root 11241100x80000000000000004026217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc48366a423023222021-12-22 12:46:13.943root 11241100x80000000000000004026218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69039572547366de2021-12-22 12:46:13.943root 11241100x80000000000000004026219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7de8978c04766512021-12-22 12:46:13.943root 11241100x80000000000000004026220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168b66fc4bc06272021-12-22 12:46:13.944root 11241100x80000000000000004026221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2047db079f96e00f2021-12-22 12:46:13.944root 11241100x80000000000000004026222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7858320125ce802021-12-22 12:46:13.944root 11241100x80000000000000004026223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae45ff26abf6a42021-12-22 12:46:13.944root 11241100x80000000000000004026224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d7d0ba60d903e72021-12-22 12:46:13.944root 11241100x80000000000000004026225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deda2d6d64a2e992021-12-22 12:46:13.944root 11241100x80000000000000004026226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dae3aa8e3a68e462021-12-22 12:46:13.944root 11241100x80000000000000004026227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25727f23bcf5da62021-12-22 12:46:13.944root 11241100x80000000000000004026228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4efa070d1ae1dd2021-12-22 12:46:13.944root 11241100x80000000000000004026229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d7c618c80f55332021-12-22 12:46:13.944root 11241100x80000000000000004026230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de26efe66361fed22021-12-22 12:46:13.944root 11241100x80000000000000004026231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e63743a925bc4282021-12-22 12:46:13.944root 11241100x80000000000000004026232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85644b36d43aaa2d2021-12-22 12:46:13.944root 11241100x80000000000000004026233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a55ab21ff3587132021-12-22 12:46:13.944root 11241100x80000000000000004026234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd590e5c808a49202021-12-22 12:46:13.944root 11241100x80000000000000004026235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70b417d5d1a4ca52021-12-22 12:46:13.944root 11241100x80000000000000004026236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ddae8884e543552021-12-22 12:46:13.945root 11241100x80000000000000004026237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93656b7887d499e2021-12-22 12:46:13.945root 11241100x80000000000000004026238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c914ac513c0d08882021-12-22 12:46:13.945root 11241100x80000000000000004026239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba29af7f5309832021-12-22 12:46:13.945root 11241100x80000000000000004026240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4561cfd49d7e1d0f2021-12-22 12:46:13.945root 11241100x80000000000000004026241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f78aab013294452021-12-22 12:46:13.945root 11241100x80000000000000004026242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d36754b45ab5b2021-12-22 12:46:13.945root 11241100x80000000000000004026243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10f2b8a64fe81182021-12-22 12:46:13.945root 11241100x80000000000000004026244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e4e3220c755e7e2021-12-22 12:46:13.945root 11241100x80000000000000004026245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ea3b3ca9cc26a2021-12-22 12:46:13.945root 11241100x80000000000000004026246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b76547bfb14332e2021-12-22 12:46:13.946root 11241100x80000000000000004026247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a39107343399f792021-12-22 12:46:13.946root 11241100x80000000000000004026248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883aee374e658fb52021-12-22 12:46:13.946root 11241100x80000000000000004026249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0b9ca3e4dcbe412021-12-22 12:46:13.946root 11241100x80000000000000004026250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1372ebdb3fab6f52021-12-22 12:46:13.946root 11241100x80000000000000004026251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcdc78372bc97a52021-12-22 12:46:14.447root 11241100x80000000000000004026252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b763d2be27c04412021-12-22 12:46:14.447root 11241100x80000000000000004026253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb8a339391d74cb2021-12-22 12:46:14.447root 11241100x80000000000000004026254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36295a25cbdd31eb2021-12-22 12:46:14.447root 11241100x80000000000000004026255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da2cf93658f9ee92021-12-22 12:46:14.447root 11241100x80000000000000004026256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ca230b9dea9ddc2021-12-22 12:46:14.448root 11241100x80000000000000004026257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ad7adef67ae6d42021-12-22 12:46:14.448root 11241100x80000000000000004026258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bab125302c67332021-12-22 12:46:14.448root 11241100x80000000000000004026259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607fd974400afdd72021-12-22 12:46:14.448root 11241100x80000000000000004026260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af11065bfb41a182021-12-22 12:46:14.448root 11241100x80000000000000004026261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e8d9f2445addc2021-12-22 12:46:14.449root 11241100x80000000000000004026262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ef99e2b5b876b2021-12-22 12:46:14.449root 11241100x80000000000000004026263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf63373cf37a062021-12-22 12:46:14.449root 11241100x80000000000000004026264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8192755d2a1ff8ce2021-12-22 12:46:14.449root 11241100x80000000000000004026265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ccb321e8dbcde72021-12-22 12:46:14.449root 11241100x80000000000000004026266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c47544a979599c2021-12-22 12:46:14.449root 11241100x80000000000000004026267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25297e8013bd9b82021-12-22 12:46:14.449root 11241100x80000000000000004026268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0ba49e3a7053e42021-12-22 12:46:14.449root 11241100x80000000000000004026269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a118bed70dff17f42021-12-22 12:46:14.449root 11241100x80000000000000004026270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df868f1e90e909092021-12-22 12:46:14.450root 11241100x80000000000000004026271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bda979de90deb2021-12-22 12:46:14.450root 11241100x80000000000000004026272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3015f8debc78f6912021-12-22 12:46:14.450root 11241100x80000000000000004026273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06764ab9831be1c02021-12-22 12:46:14.450root 11241100x80000000000000004026274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa704fd45c082a1d2021-12-22 12:46:14.450root 11241100x80000000000000004026275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f2af90a57380362021-12-22 12:46:14.450root 11241100x80000000000000004026276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ebd705ac879e362021-12-22 12:46:14.450root 11241100x80000000000000004026277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829a47d801ee1b8e2021-12-22 12:46:14.450root 11241100x80000000000000004026278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73694544dd62f0a92021-12-22 12:46:14.451root 11241100x80000000000000004026279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc7994634ca0ad2021-12-22 12:46:14.451root 11241100x80000000000000004026280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e651a8197e14022021-12-22 12:46:14.451root 11241100x80000000000000004026281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338a1f32b13dea82021-12-22 12:46:14.451root 11241100x80000000000000004026282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4ecd503733b7f2021-12-22 12:46:14.451root 11241100x80000000000000004026283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4779511d21e0d152021-12-22 12:46:14.453root 11241100x80000000000000004026284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf88ee1421997c2021-12-22 12:46:14.453root 11241100x80000000000000004026285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae00c1bd6b02aa082021-12-22 12:46:14.453root 11241100x80000000000000004026286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc616061aa563d802021-12-22 12:46:14.943root 11241100x80000000000000004026287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4044f1c6708b4442021-12-22 12:46:14.943root 11241100x80000000000000004026288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a30619bc9d07d12021-12-22 12:46:14.944root 11241100x80000000000000004026289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ed4b3669b84902021-12-22 12:46:14.944root 11241100x80000000000000004026290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae6f2cf5a01b07a2021-12-22 12:46:14.944root 11241100x80000000000000004026291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4493a3c2b2a62c2021-12-22 12:46:14.944root 11241100x80000000000000004026292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379e9d47e182621c2021-12-22 12:46:14.944root 11241100x80000000000000004026293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99bba43d0228fbe2021-12-22 12:46:14.945root 11241100x80000000000000004026294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c687520c3dc1901d2021-12-22 12:46:14.945root 11241100x80000000000000004026295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54d5c15ecf5b94d2021-12-22 12:46:14.945root 11241100x80000000000000004026296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95e1bab7232f5e82021-12-22 12:46:14.945root 11241100x80000000000000004026297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa384d7e0d36dab2021-12-22 12:46:14.945root 11241100x80000000000000004026298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30ea9dcae52a0e22021-12-22 12:46:14.946root 11241100x80000000000000004026299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8884b8beaf5cc8162021-12-22 12:46:14.946root 11241100x80000000000000004026300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fb435c981de4882021-12-22 12:46:14.946root 11241100x80000000000000004026301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff39fd0c75dca512021-12-22 12:46:14.946root 11241100x80000000000000004026302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce9878847a1ce312021-12-22 12:46:14.946root 11241100x80000000000000004026303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fb4883fbc5bd8b2021-12-22 12:46:14.946root 11241100x80000000000000004026304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62025718aab2f7c72021-12-22 12:46:14.946root 11241100x80000000000000004026305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f25f5d12c9a752021-12-22 12:46:14.946root 11241100x80000000000000004026306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885eca853ed702562021-12-22 12:46:14.947root 11241100x80000000000000004026307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b1399492e32562021-12-22 12:46:14.947root 11241100x80000000000000004026308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655c86e7757d68912021-12-22 12:46:14.947root 11241100x80000000000000004026309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f368b5f9af7edcf2021-12-22 12:46:14.947root 11241100x80000000000000004026310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c30b304364b8b22021-12-22 12:46:14.947root 11241100x80000000000000004026311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df7d40b48b04582021-12-22 12:46:14.947root 11241100x80000000000000004026312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d37546ef718d682021-12-22 12:46:14.947root 11241100x80000000000000004026313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d5a7d0ebe729042021-12-22 12:46:14.947root 11241100x80000000000000004026314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0207d8ffdcf3d4ee2021-12-22 12:46:14.947root 11241100x80000000000000004026315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd808b99d2f58c42021-12-22 12:46:14.947root 11241100x80000000000000004026316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa20f6243a0e6682021-12-22 12:46:14.948root 11241100x80000000000000004026317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a245fb63733279c2021-12-22 12:46:14.948root 11241100x80000000000000004026318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c23bc22ca571c52021-12-22 12:46:14.948root 11241100x80000000000000004026319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8471e904080a3e72021-12-22 12:46:14.948root 11241100x80000000000000004026320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b84d7fd7733d122021-12-22 12:46:14.948root 11241100x80000000000000004026321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9262c9ae8fbed62021-12-22 12:46:14.948root 11241100x80000000000000004026322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f8f0924d9f46ae2021-12-22 12:46:15.443root 11241100x80000000000000004026323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2804d1bdd05af5402021-12-22 12:46:15.443root 11241100x80000000000000004026324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09a7ab04356ff942021-12-22 12:46:15.444root 11241100x80000000000000004026325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5d0d1adeb6d752021-12-22 12:46:15.444root 11241100x80000000000000004026326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84877e594a0b27a92021-12-22 12:46:15.444root 11241100x80000000000000004026327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3bb263fd7ca6cf2021-12-22 12:46:15.444root 11241100x80000000000000004026328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaac4d43c1c7a62d2021-12-22 12:46:15.444root 11241100x80000000000000004026329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9136adce97d8312021-12-22 12:46:15.444root 11241100x80000000000000004026330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9adcd6c195aa4742021-12-22 12:46:15.444root 11241100x80000000000000004026331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224d9e7017bcc8732021-12-22 12:46:15.444root 11241100x80000000000000004026332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e21309a69fe642021-12-22 12:46:15.444root 11241100x80000000000000004026333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28891f721041f6b52021-12-22 12:46:15.445root 11241100x80000000000000004026334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f21b5b703a3037d2021-12-22 12:46:15.445root 11241100x80000000000000004026335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e28e7719e69892021-12-22 12:46:15.445root 11241100x80000000000000004026336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966842968efb57dd2021-12-22 12:46:15.445root 11241100x80000000000000004026337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112f8ec73b710e9d2021-12-22 12:46:15.446root 11241100x80000000000000004026338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cece6154052a3d2021-12-22 12:46:15.446root 11241100x80000000000000004026339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9cd880717439c12021-12-22 12:46:15.446root 11241100x80000000000000004026340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083e4654693e54e62021-12-22 12:46:15.446root 11241100x80000000000000004026341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a1a2304393a9502021-12-22 12:46:15.446root 11241100x80000000000000004026342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2652d5ae799fa03f2021-12-22 12:46:15.446root 11241100x80000000000000004026343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15175ceb914e4a62021-12-22 12:46:15.446root 11241100x80000000000000004026344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3ffb92517015722021-12-22 12:46:15.446root 11241100x80000000000000004026345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1592fbacc1c7c82021-12-22 12:46:15.446root 11241100x80000000000000004026346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe9dd12b7cb33a52021-12-22 12:46:15.447root 11241100x80000000000000004026347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49fab9c742c9c32021-12-22 12:46:15.447root 11241100x80000000000000004026348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e398507d08a0572021-12-22 12:46:15.447root 11241100x80000000000000004026349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50522cf0a650b8152021-12-22 12:46:15.447root 11241100x80000000000000004026350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6309462301bc4ed32021-12-22 12:46:15.447root 11241100x80000000000000004026351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0850f6f026a2296e2021-12-22 12:46:15.447root 11241100x80000000000000004026352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b1c5ce44cd8002021-12-22 12:46:15.447root 11241100x80000000000000004026353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8338fa8ffd6901a92021-12-22 12:46:15.447root 11241100x80000000000000004026354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e040e66fcf326b902021-12-22 12:46:15.447root 11241100x80000000000000004026355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d05871d645185822021-12-22 12:46:15.448root 11241100x80000000000000004026356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b5a1d9c0b54d432021-12-22 12:46:15.448root 11241100x80000000000000004026357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86acb1d8790569752021-12-22 12:46:15.448root 11241100x80000000000000004026358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2568252a607f72021-12-22 12:46:15.448root 11241100x80000000000000004026359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6452e77fb34b488c2021-12-22 12:46:15.943root 11241100x80000000000000004026360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58f9631bd33f232021-12-22 12:46:15.943root 11241100x80000000000000004026361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624841c958c452612021-12-22 12:46:15.943root 11241100x80000000000000004026362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca99ce08eb8fb382021-12-22 12:46:15.944root 11241100x80000000000000004026363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679dde6e2fa7f0172021-12-22 12:46:15.944root 11241100x80000000000000004026364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8b0eb539d1d582021-12-22 12:46:15.944root 11241100x80000000000000004026365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e2651a4e3184632021-12-22 12:46:15.944root 11241100x80000000000000004026366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc2c7b24e2c5d42021-12-22 12:46:15.944root 11241100x80000000000000004026367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fe3679b85fe9082021-12-22 12:46:15.944root 11241100x80000000000000004026368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c13be6a552ca0f92021-12-22 12:46:15.944root 11241100x80000000000000004026369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5776ff18f0fc0642021-12-22 12:46:15.944root 11241100x80000000000000004026370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6058348b738f28f2021-12-22 12:46:15.944root 11241100x80000000000000004026371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4142f8799fd12e2021-12-22 12:46:15.944root 11241100x80000000000000004026372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73775abc525e18e2021-12-22 12:46:15.944root 11241100x80000000000000004026373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6690521be5e0072021-12-22 12:46:15.944root 11241100x80000000000000004026374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9723724742e655172021-12-22 12:46:15.944root 11241100x80000000000000004026375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ea42632a49be72021-12-22 12:46:15.945root 11241100x80000000000000004026376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb054c7d9825f42021-12-22 12:46:15.945root 11241100x80000000000000004026377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f68d0cc343ee8032021-12-22 12:46:15.945root 11241100x80000000000000004026378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd0ad333c3c9af82021-12-22 12:46:15.945root 11241100x80000000000000004026379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7bd4700644cf02021-12-22 12:46:15.945root 11241100x80000000000000004026380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffecce44c39aab92021-12-22 12:46:15.945root 11241100x80000000000000004026381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea440d167db59a02021-12-22 12:46:15.945root 11241100x80000000000000004026382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f28acdb5380a12021-12-22 12:46:15.945root 11241100x80000000000000004026383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e03f5c046b68d942021-12-22 12:46:15.945root 11241100x80000000000000004026384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cff7040ee3b256e2021-12-22 12:46:15.945root 11241100x80000000000000004026385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef5896be2cc392b2021-12-22 12:46:15.945root 11241100x80000000000000004026386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbea7807f8a99252021-12-22 12:46:15.946root 11241100x80000000000000004026387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804ff23bcffa032b2021-12-22 12:46:15.946root 11241100x80000000000000004026388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03c772033311e012021-12-22 12:46:15.946root 11241100x80000000000000004026389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad556d37d0ce7e052021-12-22 12:46:15.946root 11241100x80000000000000004026390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1d506168a101742021-12-22 12:46:15.946root 11241100x80000000000000004026391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2438ce9f6760ba7c2021-12-22 12:46:15.946root 11241100x80000000000000004026392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfef752f35f0a4252021-12-22 12:46:15.946root 11241100x80000000000000004026393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9942cabcace9232021-12-22 12:46:15.946root 11241100x80000000000000004026394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781192949d061f8d2021-12-22 12:46:15.946root 11241100x80000000000000004026395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcf3112f0b5d1e32021-12-22 12:46:16.442root 11241100x80000000000000004026396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa215cb7a442e1b2021-12-22 12:46:16.443root 11241100x80000000000000004026397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c195a88b39e189e02021-12-22 12:46:16.443root 11241100x80000000000000004026398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ce27a1072b07272021-12-22 12:46:16.443root 11241100x80000000000000004026399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b96a10a1e4e1a682021-12-22 12:46:16.443root 11241100x80000000000000004026400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b3223081f48cd92021-12-22 12:46:16.443root 11241100x80000000000000004026401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3150ff2b5754dfc22021-12-22 12:46:16.443root 11241100x80000000000000004026402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d79d64f583c2ba2021-12-22 12:46:16.443root 11241100x80000000000000004026403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c528b920ea81b3542021-12-22 12:46:16.443root 11241100x80000000000000004026404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf56e5971252c9322021-12-22 12:46:16.443root 11241100x80000000000000004026405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ea95f5cdc1550f2021-12-22 12:46:16.443root 11241100x80000000000000004026406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a755e02dddd1b12021-12-22 12:46:16.444root 11241100x80000000000000004026407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d96c53a4329b932021-12-22 12:46:16.444root 11241100x80000000000000004026408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25e761df9368fb12021-12-22 12:46:16.444root 11241100x80000000000000004026409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a11c40f38b16672021-12-22 12:46:16.444root 11241100x80000000000000004026410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ad74affcbdae1a2021-12-22 12:46:16.444root 11241100x80000000000000004026411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2190032ad668a92021-12-22 12:46:16.444root 11241100x80000000000000004026412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6c45f1af98a90e2021-12-22 12:46:16.445root 11241100x80000000000000004026413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81f6a5924bb6af2021-12-22 12:46:16.445root 11241100x80000000000000004026414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f50a66f1e914d12021-12-22 12:46:16.445root 11241100x80000000000000004026415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdc6b75100463712021-12-22 12:46:16.445root 11241100x80000000000000004026416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996362bc63b00852021-12-22 12:46:16.445root 11241100x80000000000000004026417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9e1e26a9ce158a2021-12-22 12:46:16.446root 11241100x80000000000000004026418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd73f30bdb6572c82021-12-22 12:46:16.446root 11241100x80000000000000004026419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906a5b7f405b44a42021-12-22 12:46:16.446root 11241100x80000000000000004026420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f08fbf75d5fc402021-12-22 12:46:16.446root 11241100x80000000000000004026421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df6e6883e39ad052021-12-22 12:46:16.446root 11241100x80000000000000004026422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1c9a587130a0a02021-12-22 12:46:16.446root 11241100x80000000000000004026423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e51fa426d8a8382021-12-22 12:46:16.446root 11241100x80000000000000004026424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb37553a1512b402021-12-22 12:46:16.447root 11241100x80000000000000004026425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572ce393c661c572021-12-22 12:46:16.447root 11241100x80000000000000004026426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c641ec2a09738c2021-12-22 12:46:16.447root 11241100x80000000000000004026427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753314c3844a1be62021-12-22 12:46:16.447root 11241100x80000000000000004026428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77296483f14ec93b2021-12-22 12:46:16.447root 11241100x80000000000000004026429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c008ef2d6acccf22021-12-22 12:46:16.447root 11241100x80000000000000004026430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f641c1dfa48dbc42021-12-22 12:46:16.448root 11241100x80000000000000004026431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c1ecd731f09d52021-12-22 12:46:16.448root 11241100x80000000000000004026432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853dd9ade0fac84d2021-12-22 12:46:16.448root 11241100x80000000000000004026433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee558f6822f66032021-12-22 12:46:16.448root 11241100x80000000000000004026434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f012ef7ba7ed32021-12-22 12:46:16.448root 11241100x80000000000000004026435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff9bb0ce9210da52021-12-22 12:46:16.448root 11241100x80000000000000004026436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa2c20aa22f70c2021-12-22 12:46:16.448root 11241100x80000000000000004026437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910524c2f8b21bcc2021-12-22 12:46:16.448root 11241100x80000000000000004026438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6cadf82a0c540e2021-12-22 12:46:16.448root 11241100x80000000000000004026439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef272b6a550473d2021-12-22 12:46:16.448root 11241100x80000000000000004026440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5478297305ad62e2021-12-22 12:46:16.943root 11241100x80000000000000004026441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7757259b6077652021-12-22 12:46:16.943root 11241100x80000000000000004026442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c353fc8c1fdbe322021-12-22 12:46:16.943root 11241100x80000000000000004026443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9ee6ee22c45a5b2021-12-22 12:46:16.943root 11241100x80000000000000004026444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0767d695dfb172a82021-12-22 12:46:16.943root 11241100x80000000000000004026445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c0cab9fab2d0142021-12-22 12:46:16.943root 11241100x80000000000000004026446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d7df57fce41692021-12-22 12:46:16.944root 11241100x80000000000000004026447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00715a584ffb730c2021-12-22 12:46:16.944root 11241100x80000000000000004026448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2606fe641c91bf0a2021-12-22 12:46:16.944root 11241100x80000000000000004026449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2617af1545f946e2021-12-22 12:46:16.944root 11241100x80000000000000004026450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde4f6574de596de2021-12-22 12:46:16.944root 11241100x80000000000000004026451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d6fae5a3ce6a242021-12-22 12:46:16.944root 11241100x80000000000000004026452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1807d1c3988e402021-12-22 12:46:16.945root 11241100x80000000000000004026453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bccf229f0ecc532021-12-22 12:46:16.945root 11241100x80000000000000004026454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7d40d56e9b5bf52021-12-22 12:46:16.945root 11241100x80000000000000004026455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc540f3e523051852021-12-22 12:46:16.945root 11241100x80000000000000004026456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838d53131c44b5a92021-12-22 12:46:16.945root 11241100x80000000000000004026457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c91de93120fb3262021-12-22 12:46:16.945root 11241100x80000000000000004026458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382d3efe79ca4682021-12-22 12:46:16.945root 11241100x80000000000000004026459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a15120064c6bf42021-12-22 12:46:16.946root 11241100x80000000000000004026460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6878eff5786562021-12-22 12:46:16.946root 11241100x80000000000000004026461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4e8a0d6b03d9272021-12-22 12:46:16.946root 11241100x80000000000000004026462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfae059e5d225f842021-12-22 12:46:16.946root 11241100x80000000000000004026463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfafb90af4b2e9762021-12-22 12:46:16.946root 11241100x80000000000000004026464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbd95c9bb75c6d92021-12-22 12:46:16.946root 11241100x80000000000000004026465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ceda05c8a34ea32021-12-22 12:46:16.947root 11241100x80000000000000004026466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a61bc8e379015d2021-12-22 12:46:16.947root 11241100x80000000000000004026467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198fcf521fc5299e2021-12-22 12:46:16.947root 11241100x80000000000000004026468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295771b3859348e62021-12-22 12:46:16.947root 11241100x80000000000000004026469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796335f1339ec0b02021-12-22 12:46:16.948root 11241100x80000000000000004026470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038c4dca2409bcc2021-12-22 12:46:16.948root 11241100x80000000000000004026471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc30993e80904c02021-12-22 12:46:16.948root 11241100x80000000000000004026472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e4e26cd2827be62021-12-22 12:46:16.948root 11241100x80000000000000004026473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d774bd8e063502021-12-22 12:46:16.948root 11241100x80000000000000004026474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c308c22ab6e6b0bd2021-12-22 12:46:16.949root 11241100x80000000000000004026475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cd1a179c438aa82021-12-22 12:46:16.949root 11241100x80000000000000004026476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7c3968707dc9e2021-12-22 12:46:16.949root 11241100x80000000000000004026477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1475da8770a279482021-12-22 12:46:16.950root 11241100x80000000000000004026478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdf51bd5451a3c52021-12-22 12:46:16.950root 354300x80000000000000004026479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.153{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56882-false10.0.1.12-8000- 11241100x80000000000000004026480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae5349d9f32ba52021-12-22 12:46:17.443root 11241100x80000000000000004026481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8539f6650a5bdc2d2021-12-22 12:46:17.443root 11241100x80000000000000004026482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086addb0b008e7d02021-12-22 12:46:17.443root 11241100x80000000000000004026483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a2f1d092259e912021-12-22 12:46:17.444root 11241100x80000000000000004026484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e2d5caa6b5ba322021-12-22 12:46:17.444root 11241100x80000000000000004026485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec48fba81685a872021-12-22 12:46:17.444root 11241100x80000000000000004026486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005bee921e664e4a2021-12-22 12:46:17.444root 11241100x80000000000000004026487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168e2c779fe625af2021-12-22 12:46:17.444root 11241100x80000000000000004026488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40918384a17f52f2021-12-22 12:46:17.444root 11241100x80000000000000004026489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b737f54a0fc59c682021-12-22 12:46:17.445root 11241100x80000000000000004026490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b391d3f0ab735ca42021-12-22 12:46:17.445root 11241100x80000000000000004026491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8da7a373bcd04f72021-12-22 12:46:17.445root 11241100x80000000000000004026492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27dd3f205e471182021-12-22 12:46:17.445root 11241100x80000000000000004026493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96539a44873583512021-12-22 12:46:17.445root 11241100x80000000000000004026494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da376674628ce9222021-12-22 12:46:17.445root 11241100x80000000000000004026495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d372d2ce75f96f2021-12-22 12:46:17.446root 11241100x80000000000000004026496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9693cb6b5a8b110d2021-12-22 12:46:17.449root 11241100x80000000000000004026497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e375dbf7235d73c2021-12-22 12:46:17.449root 11241100x80000000000000004026498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10acfdcaf7935d8d2021-12-22 12:46:17.449root 11241100x80000000000000004026499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb21dfe0fae2c0b2021-12-22 12:46:17.449root 11241100x80000000000000004026500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427d472a6b25e1d2021-12-22 12:46:17.450root 11241100x80000000000000004026501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff2c1cc9eb083852021-12-22 12:46:17.450root 11241100x80000000000000004026502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfcfc3abef5561f2021-12-22 12:46:17.450root 11241100x80000000000000004026503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43140c5ff62c00322021-12-22 12:46:17.450root 11241100x80000000000000004026504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c996e487f759a562021-12-22 12:46:17.450root 11241100x80000000000000004026505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026b2c45bd4eba92021-12-22 12:46:17.450root 11241100x80000000000000004026506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff7d83e0227e722021-12-22 12:46:17.450root 11241100x80000000000000004026507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e98d5c334ecac02021-12-22 12:46:17.451root 11241100x80000000000000004026508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254128c57119f5332021-12-22 12:46:17.451root 11241100x80000000000000004026509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d963423b799af972021-12-22 12:46:17.451root 11241100x80000000000000004026510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c130d16e645742021-12-22 12:46:17.451root 11241100x80000000000000004026511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e5d8d5f336f31e2021-12-22 12:46:17.451root 11241100x80000000000000004026512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410dff16afcac6a12021-12-22 12:46:17.452root 11241100x80000000000000004026513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd6e8ab6a44cefe2021-12-22 12:46:17.452root 11241100x80000000000000004026514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e5d1749f401a982021-12-22 12:46:17.452root 11241100x80000000000000004026515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137c7bf0f1a751b2021-12-22 12:46:17.452root 11241100x80000000000000004026516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f5e82a738ca2172021-12-22 12:46:17.453root 11241100x80000000000000004026517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2be39125cdf25de2021-12-22 12:46:17.454root 11241100x80000000000000004026518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76e267f0b1821c72021-12-22 12:46:17.455root 11241100x80000000000000004026519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0648eb8fd77e6f2021-12-22 12:46:17.455root 534500x80000000000000004026520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.687{00000000-0000-0000-0000-000000000000}19173<unknown process>root 11241100x80000000000000004026521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2dccdc3c85c6632021-12-22 12:46:17.943root 11241100x80000000000000004026522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e095801abe969a2021-12-22 12:46:17.943root 11241100x80000000000000004026523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5d078e2b48ece22021-12-22 12:46:17.943root 11241100x80000000000000004026524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f1387eccfe2d02021-12-22 12:46:17.943root 11241100x80000000000000004026525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643d82c4fe9dd7fb2021-12-22 12:46:17.943root 11241100x80000000000000004026526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d9246ab4498f62021-12-22 12:46:17.944root 11241100x80000000000000004026527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124cb6cfc8fc2b362021-12-22 12:46:17.944root 11241100x80000000000000004026528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e68cfb7ece1f2ab2021-12-22 12:46:17.944root 11241100x80000000000000004026529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27e726e0ad8bdaf2021-12-22 12:46:17.944root 11241100x80000000000000004026530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f687d914b49ec01e2021-12-22 12:46:17.944root 11241100x80000000000000004026531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f0ba8942f1e36a2021-12-22 12:46:17.944root 11241100x80000000000000004026532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09462446d9ed375e2021-12-22 12:46:17.944root 11241100x80000000000000004026533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14160aa40b6ed62021-12-22 12:46:17.945root 11241100x80000000000000004026534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befe808d588780062021-12-22 12:46:17.945root 11241100x80000000000000004026535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5b98fe5ce1fbc12021-12-22 12:46:17.945root 11241100x80000000000000004026536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7171ed8cb851fd2021-12-22 12:46:17.945root 11241100x80000000000000004026537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32e6fa08129e41e2021-12-22 12:46:17.945root 11241100x80000000000000004026538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec413cb33d18dde02021-12-22 12:46:17.945root 11241100x80000000000000004026539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d597583c98b05b2021-12-22 12:46:17.945root 11241100x80000000000000004026540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4173ef83dfdf63722021-12-22 12:46:17.946root 11241100x80000000000000004026541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a1379fb256d0d02021-12-22 12:46:17.946root 11241100x80000000000000004026542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccb0d27d2402dc62021-12-22 12:46:17.946root 11241100x80000000000000004026543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be92a987cccb00f2021-12-22 12:46:17.947root 11241100x80000000000000004026544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efda2be4f07bd602021-12-22 12:46:17.947root 11241100x80000000000000004026545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35996c4a567626e82021-12-22 12:46:17.948root 11241100x80000000000000004026546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42abc863e24b0f2e2021-12-22 12:46:17.948root 11241100x80000000000000004026547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b9b4c9fccd32d32021-12-22 12:46:17.948root 11241100x80000000000000004026548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3940d950a949c132021-12-22 12:46:17.948root 11241100x80000000000000004026549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4ef5cc775ab9902021-12-22 12:46:17.948root 11241100x80000000000000004026550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebad766da6b009f2021-12-22 12:46:17.949root 11241100x80000000000000004026551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e8deeff78ee5b82021-12-22 12:46:17.949root 11241100x80000000000000004026552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb6fc692c0ffc202021-12-22 12:46:17.949root 11241100x80000000000000004026553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c15e60db2227b32021-12-22 12:46:17.950root 11241100x80000000000000004026554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3605bbb0ba6916d2021-12-22 12:46:17.950root 11241100x80000000000000004026555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165109676ac496aa2021-12-22 12:46:17.950root 11241100x80000000000000004026556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07f713314aa0ec2021-12-22 12:46:17.950root 11241100x80000000000000004026557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c78f4618e1aaa2021-12-22 12:46:17.951root 11241100x80000000000000004026558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ac69fd4ea25dc42021-12-22 12:46:18.443root 11241100x80000000000000004026559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c67af0a02fc1c952021-12-22 12:46:18.443root 11241100x80000000000000004026560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b536a64f5ce1a212021-12-22 12:46:18.443root 11241100x80000000000000004026561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c668b8b44a79dbe2021-12-22 12:46:18.443root 11241100x80000000000000004026562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a18cfa364266aa2021-12-22 12:46:18.443root 11241100x80000000000000004026563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2799d9fed7e00edd2021-12-22 12:46:18.443root 11241100x80000000000000004026564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da0243372589cca2021-12-22 12:46:18.443root 11241100x80000000000000004026565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af666c46ac48b2202021-12-22 12:46:18.444root 11241100x80000000000000004026566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136b2216dc31b5f12021-12-22 12:46:18.444root 11241100x80000000000000004026567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534d5d10350ea2512021-12-22 12:46:18.444root 11241100x80000000000000004026568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b1d0c8f3c6a6a32021-12-22 12:46:18.444root 11241100x80000000000000004026569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb57e292978ccb62021-12-22 12:46:18.444root 11241100x80000000000000004026570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42207f4b262ec26e2021-12-22 12:46:18.444root 11241100x80000000000000004026571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd743e1ea94e4a2021-12-22 12:46:18.444root 11241100x80000000000000004026572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b2c78ca05068e2021-12-22 12:46:18.444root 11241100x80000000000000004026573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b5ff4dc6c10eeb2021-12-22 12:46:18.445root 11241100x80000000000000004026574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c111370e08fae8542021-12-22 12:46:18.445root 11241100x80000000000000004026575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d84db4e82a5fa002021-12-22 12:46:18.445root 11241100x80000000000000004026576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8893e599eb95a42021-12-22 12:46:18.445root 11241100x80000000000000004026577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7e6c675049511d2021-12-22 12:46:18.445root 11241100x80000000000000004026578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3bb8ad9a9527f92021-12-22 12:46:18.445root 11241100x80000000000000004026579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac4081c349714782021-12-22 12:46:18.445root 11241100x80000000000000004026580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065a5437e1d0046f2021-12-22 12:46:18.446root 11241100x80000000000000004026581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debafa2baaa198912021-12-22 12:46:18.446root 11241100x80000000000000004026582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832052d94465e652021-12-22 12:46:18.446root 11241100x80000000000000004026583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd32657234f8d5a52021-12-22 12:46:18.446root 11241100x80000000000000004026584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aadc2e9c5088052021-12-22 12:46:18.446root 11241100x80000000000000004026585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7e0c0988735f752021-12-22 12:46:18.446root 11241100x80000000000000004026586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc71e76222cb1512021-12-22 12:46:18.446root 11241100x80000000000000004026587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb521cc29315d92021-12-22 12:46:18.447root 11241100x80000000000000004026588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624ff7973e3b3c282021-12-22 12:46:18.447root 11241100x80000000000000004026589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478522d88a55cd602021-12-22 12:46:18.447root 11241100x80000000000000004026590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe1c6480a9f3a9b2021-12-22 12:46:18.447root 11241100x80000000000000004026591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d671299c247aad2021-12-22 12:46:18.447root 11241100x80000000000000004026592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77863316a278838f2021-12-22 12:46:18.447root 11241100x80000000000000004026593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1861e13244be91e52021-12-22 12:46:18.447root 11241100x80000000000000004026594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5e52d6c67f8d072021-12-22 12:46:18.447root 11241100x80000000000000004026595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dc305a063f91c62021-12-22 12:46:18.447root 11241100x80000000000000004026596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4682eae74ccd2a6a2021-12-22 12:46:18.943root 11241100x80000000000000004026597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8607176d2e03a902021-12-22 12:46:18.943root 11241100x80000000000000004026598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c837dd95cd1e889a2021-12-22 12:46:18.943root 11241100x80000000000000004026599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d244d68bd47af72021-12-22 12:46:18.943root 11241100x80000000000000004026600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed8015ca32d4d12021-12-22 12:46:18.943root 11241100x80000000000000004026601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b385f3989642bf42021-12-22 12:46:18.943root 11241100x80000000000000004026602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ba4780767ada8b2021-12-22 12:46:18.943root 11241100x80000000000000004026603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0a29011c6431622021-12-22 12:46:18.943root 11241100x80000000000000004026604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7e067a49c39622021-12-22 12:46:18.943root 11241100x80000000000000004026605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea08f9ae8bf1b92021-12-22 12:46:18.944root 11241100x80000000000000004026606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50dd1eb30d4a1d12021-12-22 12:46:18.944root 11241100x80000000000000004026607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1477eed28ca507fd2021-12-22 12:46:18.944root 11241100x80000000000000004026608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57891b67e3a98502021-12-22 12:46:18.944root 11241100x80000000000000004026609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4547f46385abe2021-12-22 12:46:18.944root 11241100x80000000000000004026610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c3c5f8bb8964ba2021-12-22 12:46:18.944root 11241100x80000000000000004026611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ebfa14c45d3ff2021-12-22 12:46:18.945root 11241100x80000000000000004026612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4bbb6b4183b44e2021-12-22 12:46:18.945root 11241100x80000000000000004026613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5697a8ac906ef8cf2021-12-22 12:46:18.945root 11241100x80000000000000004026614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3870433733762c2021-12-22 12:46:18.946root 11241100x80000000000000004026615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0449162d074d15e82021-12-22 12:46:18.946root 11241100x80000000000000004026616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18cc73b65f74c8d2021-12-22 12:46:18.946root 11241100x80000000000000004026617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2dafa071650c2f2021-12-22 12:46:18.946root 11241100x80000000000000004026618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0cb343a6b050cd2021-12-22 12:46:18.946root 11241100x80000000000000004026619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814127349aa075e12021-12-22 12:46:18.947root 11241100x80000000000000004026620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199310bff0e870272021-12-22 12:46:18.947root 11241100x80000000000000004026621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9f1d4169345d222021-12-22 12:46:18.947root 11241100x80000000000000004026622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe2f498593f98f32021-12-22 12:46:18.947root 11241100x80000000000000004026623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ef53e77bb14632021-12-22 12:46:18.947root 11241100x80000000000000004026624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8fdd95c4441c9d2021-12-22 12:46:18.947root 11241100x80000000000000004026625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde0b1ef0806d8052021-12-22 12:46:18.947root 11241100x80000000000000004026626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52f2b4b6cf65a782021-12-22 12:46:18.947root 11241100x80000000000000004026627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f12b4b6f9627592021-12-22 12:46:18.947root 11241100x80000000000000004026628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c86b45c1f80ceb2021-12-22 12:46:18.947root 11241100x80000000000000004026629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799886be64144d8a2021-12-22 12:46:18.948root 11241100x80000000000000004026630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7447bdc49105b62021-12-22 12:46:18.948root 11241100x80000000000000004026631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c7e56c3ca976c92021-12-22 12:46:18.948root 11241100x80000000000000004026632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed4be8a2238e3282021-12-22 12:46:18.948root 11241100x80000000000000004026633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d235ff00e4d18d912021-12-22 12:46:18.948root 11241100x80000000000000004026634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d4f8e6b79ede2c2021-12-22 12:46:18.948root 11241100x80000000000000004026635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b62f6b3a4b9a8a2021-12-22 12:46:18.948root 11241100x80000000000000004026636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e34b5cd7ec661a2021-12-22 12:46:18.948root 11241100x80000000000000004026637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b36261e7a194dbc2021-12-22 12:46:18.948root 11241100x80000000000000004026638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c0b6c9d54f80f62021-12-22 12:46:18.948root 11241100x80000000000000004026639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453f68c5da5177a2021-12-22 12:46:18.948root 11241100x80000000000000004026640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b637f0fe047292021-12-22 12:46:19.443root 11241100x80000000000000004026641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322cb653d07a5f7e2021-12-22 12:46:19.443root 11241100x80000000000000004026642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e235aae8c0390caa2021-12-22 12:46:19.444root 11241100x80000000000000004026643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28b8ddf77dfdb452021-12-22 12:46:19.444root 11241100x80000000000000004026644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7f2be8f88aef492021-12-22 12:46:19.444root 11241100x80000000000000004026645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79fab5388ef06262021-12-22 12:46:19.444root 11241100x80000000000000004026646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a393e826807cbea2021-12-22 12:46:19.444root 11241100x80000000000000004026647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126df5a31c6b33a2021-12-22 12:46:19.444root 11241100x80000000000000004026648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134dca84812796912021-12-22 12:46:19.445root 11241100x80000000000000004026649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f220a0013bcc52021-12-22 12:46:19.445root 11241100x80000000000000004026650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbdd219aa080a2e2021-12-22 12:46:19.445root 11241100x80000000000000004026651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8662e5abdc2f7f232021-12-22 12:46:19.445root 11241100x80000000000000004026652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b923490d5a5eb812021-12-22 12:46:19.445root 11241100x80000000000000004026653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df65ef847096f3402021-12-22 12:46:19.445root 11241100x80000000000000004026654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53d69966c83d4082021-12-22 12:46:19.446root 11241100x80000000000000004026655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d1df75637435dc2021-12-22 12:46:19.446root 11241100x80000000000000004026656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c5860f4a53a732021-12-22 12:46:19.446root 11241100x80000000000000004026657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e881a4abeeec42021-12-22 12:46:19.446root 11241100x80000000000000004026658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187cf86241c2d0df2021-12-22 12:46:19.446root 11241100x80000000000000004026659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d04228369f7a9602021-12-22 12:46:19.446root 11241100x80000000000000004026660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c194ffdc5aa65f2021-12-22 12:46:19.446root 11241100x80000000000000004026661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987ff4cf93828e2f2021-12-22 12:46:19.447root 11241100x80000000000000004026662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9ab2d2648b532f2021-12-22 12:46:19.447root 11241100x80000000000000004026663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584320e7a96147172021-12-22 12:46:19.447root 11241100x80000000000000004026664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f86fd314aa0deb82021-12-22 12:46:19.447root 11241100x80000000000000004026665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5974e7c564051f292021-12-22 12:46:19.447root 11241100x80000000000000004026666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a93839fcbd0ad22021-12-22 12:46:19.447root 11241100x80000000000000004026667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996bc418676b74d2021-12-22 12:46:19.447root 11241100x80000000000000004026668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ab7abc2f0214032021-12-22 12:46:19.448root 11241100x80000000000000004026669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1459219f925e4c7d2021-12-22 12:46:19.448root 11241100x80000000000000004026670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c10091df874a45a2021-12-22 12:46:19.448root 11241100x80000000000000004026671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f261afc168375db72021-12-22 12:46:19.448root 11241100x80000000000000004026672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14183a267faed8292021-12-22 12:46:19.448root 11241100x80000000000000004026673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef9b19437b13562021-12-22 12:46:19.448root 11241100x80000000000000004026674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9062bdb58756162021-12-22 12:46:19.448root 11241100x80000000000000004026675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e605bce4f1c4c8e2021-12-22 12:46:19.448root 11241100x80000000000000004026676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb7e9be9e757cef2021-12-22 12:46:19.448root 11241100x80000000000000004026677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d87337119655a92021-12-22 12:46:19.448root 11241100x80000000000000004026678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0d8b76ee19aee2021-12-22 12:46:19.448root 11241100x80000000000000004026679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cad3b1f48103082021-12-22 12:46:19.448root 11241100x80000000000000004026680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94d0381029ac8342021-12-22 12:46:19.943root 11241100x80000000000000004026681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e4a6ef0b1dc782021-12-22 12:46:19.943root 11241100x80000000000000004026682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c2dc0d36a114e2021-12-22 12:46:19.944root 11241100x80000000000000004026683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc4bee7c0a4c8e2021-12-22 12:46:19.944root 11241100x80000000000000004026684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b4e417fc13fde32021-12-22 12:46:19.944root 11241100x80000000000000004026685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141bf797ca11bbd52021-12-22 12:46:19.944root 11241100x80000000000000004026686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc48a5073978502021-12-22 12:46:19.944root 11241100x80000000000000004026687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311d80f49ba3d0802021-12-22 12:46:19.944root 11241100x80000000000000004026688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bead033dfcc23ed2021-12-22 12:46:19.944root 11241100x80000000000000004026689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0232b8e364d03df2021-12-22 12:46:19.944root 11241100x80000000000000004026690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a293cc863da7c4b72021-12-22 12:46:19.944root 11241100x80000000000000004026691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf247eee2f4b3fef2021-12-22 12:46:19.944root 11241100x80000000000000004026692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e7d0edaba8c0a2021-12-22 12:46:19.945root 11241100x80000000000000004026693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec8405730b982b2021-12-22 12:46:19.945root 11241100x80000000000000004026694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfdde816d86ee0b2021-12-22 12:46:19.945root 11241100x80000000000000004026695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6749dad3d9372a6a2021-12-22 12:46:19.945root 11241100x80000000000000004026696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ba6779f5852dc72021-12-22 12:46:19.945root 11241100x80000000000000004026697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b4fbf88fdad6f42021-12-22 12:46:19.945root 11241100x80000000000000004026698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b930367bb267b82021-12-22 12:46:19.945root 11241100x80000000000000004026699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562eaa29c531835f2021-12-22 12:46:19.945root 11241100x80000000000000004026700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6d500bfb8d59072021-12-22 12:46:19.945root 11241100x80000000000000004026701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10bae4432d4564e2021-12-22 12:46:19.945root 11241100x80000000000000004026702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e0d78b707b7202021-12-22 12:46:19.946root 11241100x80000000000000004026703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56d9e58904b9ac22021-12-22 12:46:19.946root 11241100x80000000000000004026704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab9960edcdd3f732021-12-22 12:46:19.946root 11241100x80000000000000004026705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f54f0978fe8f6092021-12-22 12:46:19.946root 11241100x80000000000000004026706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e47e68743e6ff4d2021-12-22 12:46:19.946root 11241100x80000000000000004026707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb57ff6e4323e82021-12-22 12:46:19.946root 11241100x80000000000000004026708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81db1f63001d5db92021-12-22 12:46:19.946root 11241100x80000000000000004026709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494262dc2d28ad432021-12-22 12:46:19.946root 11241100x80000000000000004026710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ef7ec6730c8da32021-12-22 12:46:19.946root 11241100x80000000000000004026711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1802cda5483f052021-12-22 12:46:19.947root 11241100x80000000000000004026712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c676e79cac41472021-12-22 12:46:19.947root 11241100x80000000000000004026713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32424ba5f22250c92021-12-22 12:46:19.947root 11241100x80000000000000004026714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aff03595eeafd072021-12-22 12:46:19.947root 11241100x80000000000000004026715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16db331e8def526a2021-12-22 12:46:19.947root 11241100x80000000000000004026716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f590d259c21612021-12-22 12:46:19.947root 11241100x80000000000000004026717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0dc413c34f24162021-12-22 12:46:19.947root 11241100x80000000000000004026718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357d13cd546bb0652021-12-22 12:46:20.443root 11241100x80000000000000004026719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b1e7fd65249c242021-12-22 12:46:20.443root 11241100x80000000000000004026720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fecc92eaa8a9cea2021-12-22 12:46:20.444root 11241100x80000000000000004026721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49561b7af60b5042021-12-22 12:46:20.444root 11241100x80000000000000004026722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93f02b301a0108b2021-12-22 12:46:20.444root 11241100x80000000000000004026723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690ecab6c5932bef2021-12-22 12:46:20.444root 11241100x80000000000000004026724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58067bd8ae9f45182021-12-22 12:46:20.444root 11241100x80000000000000004026725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e08a2f4c4657a572021-12-22 12:46:20.444root 11241100x80000000000000004026726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f149efaf5299c9dd2021-12-22 12:46:20.444root 11241100x80000000000000004026727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f766e7524cc64f2021-12-22 12:46:20.444root 11241100x80000000000000004026728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936caf8a021dc162021-12-22 12:46:20.445root 11241100x80000000000000004026729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca56343db79e7ac2021-12-22 12:46:20.445root 11241100x80000000000000004026730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6217eaff26057842021-12-22 12:46:20.445root 11241100x80000000000000004026731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5805a0cc7adbd71f2021-12-22 12:46:20.445root 11241100x80000000000000004026732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30545cff7ec0f1912021-12-22 12:46:20.445root 11241100x80000000000000004026733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f7e39b9e20bfe72021-12-22 12:46:20.445root 11241100x80000000000000004026734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1870b691052ddc1e2021-12-22 12:46:20.445root 11241100x80000000000000004026735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644a97916650a5102021-12-22 12:46:20.445root 11241100x80000000000000004026736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ce9984f586dee2021-12-22 12:46:20.446root 11241100x80000000000000004026737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42746bf97238bd762021-12-22 12:46:20.446root 11241100x80000000000000004026738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2baf793baa2442021-12-22 12:46:20.446root 11241100x80000000000000004026739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf15247162d53f92021-12-22 12:46:20.446root 11241100x80000000000000004026740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffff247816d0a3b2021-12-22 12:46:20.446root 11241100x80000000000000004026741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb489c1e5ac9b8982021-12-22 12:46:20.446root 11241100x80000000000000004026742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5943afbeb8b8c4572021-12-22 12:46:20.446root 11241100x80000000000000004026743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c6e57df13bd6cf2021-12-22 12:46:20.446root 11241100x80000000000000004026744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4b8674f03a62402021-12-22 12:46:20.446root 11241100x80000000000000004026745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdac62c24db2b7072021-12-22 12:46:20.446root 11241100x80000000000000004026746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3756ec345816c0792021-12-22 12:46:20.447root 11241100x80000000000000004026747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84265794ea7b9a82021-12-22 12:46:20.447root 11241100x80000000000000004026748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f39d595ba149642021-12-22 12:46:20.447root 11241100x80000000000000004026749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3738ca84e0e3a2021-12-22 12:46:20.447root 11241100x80000000000000004026750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc334c5ce02c73bd2021-12-22 12:46:20.447root 11241100x80000000000000004026751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80e077a66db9f032021-12-22 12:46:20.447root 11241100x80000000000000004026752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab65ac358a46c6e2021-12-22 12:46:20.447root 11241100x80000000000000004026753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e98387c88fdf24e2021-12-22 12:46:20.447root 11241100x80000000000000004026754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708fc7de9889801f2021-12-22 12:46:20.448root 11241100x80000000000000004026755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82721832a194c59f2021-12-22 12:46:20.448root 11241100x80000000000000004026756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db2e01c58edb71a2021-12-22 12:46:20.943root 11241100x80000000000000004026757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13abd0d7b90e2ea72021-12-22 12:46:20.943root 11241100x80000000000000004026758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ad815a449e8522021-12-22 12:46:20.943root 11241100x80000000000000004026759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4266f41ff85d77c2021-12-22 12:46:20.943root 11241100x80000000000000004026760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff9c89f669364972021-12-22 12:46:20.943root 11241100x80000000000000004026761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35842db8720454d62021-12-22 12:46:20.943root 11241100x80000000000000004026762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73352dd4b6866afd2021-12-22 12:46:20.943root 11241100x80000000000000004026763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc4dc5c9a0cd3a82021-12-22 12:46:20.944root 11241100x80000000000000004026764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1351782a9846d52021-12-22 12:46:20.944root 11241100x80000000000000004026765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4e8dbe27b528e2021-12-22 12:46:20.944root 11241100x80000000000000004026766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210459a50c6f9bc2021-12-22 12:46:20.944root 11241100x80000000000000004026767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c4ee19c75e7502021-12-22 12:46:20.944root 11241100x80000000000000004026768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23ff357f6e48b62021-12-22 12:46:20.944root 11241100x80000000000000004026769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548793671d2f5b7d2021-12-22 12:46:20.944root 11241100x80000000000000004026770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a7d639e3a5061b2021-12-22 12:46:20.945root 11241100x80000000000000004026771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94b6c579b52a272021-12-22 12:46:20.945root 11241100x80000000000000004026772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20b7a8db1bffbb2021-12-22 12:46:20.945root 11241100x80000000000000004026773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022a0cfa00c589f2021-12-22 12:46:20.945root 11241100x80000000000000004026774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fb3f3a5ec20ece2021-12-22 12:46:20.945root 11241100x80000000000000004026775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48d7d50dcee98db2021-12-22 12:46:20.945root 11241100x80000000000000004026776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50fd60b3840b3262021-12-22 12:46:20.945root 11241100x80000000000000004026777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4def196620e4e52d2021-12-22 12:46:20.945root 11241100x80000000000000004026778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a5ccc3065f9982021-12-22 12:46:20.945root 11241100x80000000000000004026779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4b4b2f7031e9472021-12-22 12:46:20.945root 11241100x80000000000000004026780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9500b9386c095142021-12-22 12:46:20.946root 11241100x80000000000000004026781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a13ce697f7d46692021-12-22 12:46:20.946root 11241100x80000000000000004026782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f05acb8f484fb402021-12-22 12:46:20.946root 11241100x80000000000000004026783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dbb9f1338db8282021-12-22 12:46:20.946root 11241100x80000000000000004026784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a98139e472233862021-12-22 12:46:20.946root 11241100x80000000000000004026785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8270782cc52226a2021-12-22 12:46:20.946root 11241100x80000000000000004026786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9f8c1e09d126782021-12-22 12:46:20.946root 11241100x80000000000000004026787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df24b876071ff7c2021-12-22 12:46:20.946root 11241100x80000000000000004026788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a93ab9c934b89a42021-12-22 12:46:20.946root 11241100x80000000000000004026789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bb6ecc866d14ca2021-12-22 12:46:20.947root 11241100x80000000000000004026790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b426c371075c7ca2021-12-22 12:46:20.947root 11241100x80000000000000004026791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa39783a3f1b9e2021-12-22 12:46:20.947root 11241100x80000000000000004026792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001851d1a1e8b2a2021-12-22 12:46:20.947root 11241100x80000000000000004026793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fe234cf8f20f702021-12-22 12:46:20.947root 11241100x80000000000000004026794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc0bb3974d3a072021-12-22 12:46:21.442root 11241100x80000000000000004026795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d97795dae6c7fd42021-12-22 12:46:21.443root 11241100x80000000000000004026796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9005c1358575a22021-12-22 12:46:21.443root 11241100x80000000000000004026797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8534068f7f778c2021-12-22 12:46:21.443root 11241100x80000000000000004026798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b446574bf4b722a2021-12-22 12:46:21.443root 11241100x80000000000000004026799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81128e08146bbd3f2021-12-22 12:46:21.443root 11241100x80000000000000004026800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2dfc67afda11d2021-12-22 12:46:21.443root 11241100x80000000000000004026801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda0ae4352a4ebf2021-12-22 12:46:21.443root 11241100x80000000000000004026802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c9f994a558af552021-12-22 12:46:21.443root 11241100x80000000000000004026803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cd52dde5d0bcb62021-12-22 12:46:21.444root 11241100x80000000000000004026804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c329e192d3f3527f2021-12-22 12:46:21.444root 11241100x80000000000000004026805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c9a1fd48b792c2021-12-22 12:46:21.444root 11241100x80000000000000004026806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8024b10fb913f2021-12-22 12:46:21.444root 11241100x80000000000000004026807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f3bc73996577742021-12-22 12:46:21.444root 11241100x80000000000000004026808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a112e0ae90978232021-12-22 12:46:21.444root 11241100x80000000000000004026809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140d3b71c5d0232e2021-12-22 12:46:21.444root 11241100x80000000000000004026810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae52af9d45e3bb662021-12-22 12:46:21.444root 11241100x80000000000000004026811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4457d3e1fc2e7ab72021-12-22 12:46:21.444root 11241100x80000000000000004026812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa20f20c3ff9ab52021-12-22 12:46:21.445root 11241100x80000000000000004026813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07ad8374c7a4442021-12-22 12:46:21.445root 11241100x80000000000000004026814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5475e54b31883aea2021-12-22 12:46:21.445root 11241100x80000000000000004026815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63957b7e6bfb37d12021-12-22 12:46:21.445root 11241100x80000000000000004026816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742802a1341e15112021-12-22 12:46:21.445root 11241100x80000000000000004026817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729dc57aa4adc4a02021-12-22 12:46:21.445root 11241100x80000000000000004026818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64938908a5fb39c82021-12-22 12:46:21.445root 11241100x80000000000000004026819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f962231fc03613d2021-12-22 12:46:21.445root 11241100x80000000000000004026820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ad2feee69f8ba2021-12-22 12:46:21.446root 11241100x80000000000000004026821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814baa6a503fa4e72021-12-22 12:46:21.446root 11241100x80000000000000004026822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ca0eb8dd3223a12021-12-22 12:46:21.446root 11241100x80000000000000004026823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45167d503a6897fa2021-12-22 12:46:21.446root 11241100x80000000000000004026824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780b53c5864dab3b2021-12-22 12:46:21.446root 11241100x80000000000000004026825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674f73fc1da86ddf2021-12-22 12:46:21.446root 11241100x80000000000000004026826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d393dcef64d19fd2021-12-22 12:46:21.446root 11241100x80000000000000004026827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599aa4ad4d142c2e2021-12-22 12:46:21.447root 11241100x80000000000000004026828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23249b8501625ea62021-12-22 12:46:21.447root 11241100x80000000000000004026829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1f58611807df9f2021-12-22 12:46:21.447root 11241100x80000000000000004026830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d193dd0467638d222021-12-22 12:46:21.447root 11241100x80000000000000004026831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d52b5d7379249042021-12-22 12:46:21.447root 11241100x80000000000000004026832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a8c5eb85746fb02021-12-22 12:46:21.447root 11241100x80000000000000004026833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897cf6a67ab556f2021-12-22 12:46:21.447root 11241100x80000000000000004026834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f8a8217d04a0b02021-12-22 12:46:21.447root 11241100x80000000000000004026835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60f0a36c32cd2f92021-12-22 12:46:21.447root 11241100x80000000000000004026836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd55f3cc826e9ac2021-12-22 12:46:21.448root 11241100x80000000000000004026837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb354ce6ff2a7522021-12-22 12:46:21.942root 11241100x80000000000000004026838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a3c3e801be4022021-12-22 12:46:21.944root 11241100x80000000000000004026839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3b45b280def14c2021-12-22 12:46:21.944root 11241100x80000000000000004026840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ee54e3fc48eca82021-12-22 12:46:21.944root 11241100x80000000000000004026841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9231d0b6eced75c2021-12-22 12:46:21.944root 11241100x80000000000000004026842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56848a4d6656ab732021-12-22 12:46:21.944root 11241100x80000000000000004026843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6fd3a3b44b3e652021-12-22 12:46:21.944root 11241100x80000000000000004026844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd396b53f3f1330e2021-12-22 12:46:21.944root 11241100x80000000000000004026845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f206fcc5cf6746c2021-12-22 12:46:21.945root 11241100x80000000000000004026846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173119722e49236d2021-12-22 12:46:21.945root 11241100x80000000000000004026847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40e37c8d0dd6b482021-12-22 12:46:21.945root 11241100x80000000000000004026848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f4b009fde941252021-12-22 12:46:21.945root 11241100x80000000000000004026849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d347f37ac02d192021-12-22 12:46:21.945root 11241100x80000000000000004026850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11626a0143f276a52021-12-22 12:46:21.945root 11241100x80000000000000004026851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb7d564e14c04872021-12-22 12:46:21.946root 11241100x80000000000000004026852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b88676887c464a2021-12-22 12:46:21.946root 11241100x80000000000000004026853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f1743c6a9cbfac2021-12-22 12:46:21.946root 11241100x80000000000000004026854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b215bcc98cccd8662021-12-22 12:46:21.946root 11241100x80000000000000004026855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9856ab0b9ea0d01a2021-12-22 12:46:21.946root 11241100x80000000000000004026856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594f9572995714c42021-12-22 12:46:21.946root 11241100x80000000000000004026857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64b5e3bc48695d02021-12-22 12:46:21.946root 11241100x80000000000000004026858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb2105f85959e6f2021-12-22 12:46:21.946root 11241100x80000000000000004026859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282878ae14e2c2322021-12-22 12:46:21.947root 11241100x80000000000000004026860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cfd37e845465512021-12-22 12:46:21.947root 11241100x80000000000000004026861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79348d814fea7cff2021-12-22 12:46:21.947root 11241100x80000000000000004026862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6193e3ed41bf25b2021-12-22 12:46:21.947root 11241100x80000000000000004026863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50abfb17ca5b216a2021-12-22 12:46:21.947root 11241100x80000000000000004026864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ecb0c07ce746d62021-12-22 12:46:21.947root 11241100x80000000000000004026865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d7e49324c35852021-12-22 12:46:21.947root 11241100x80000000000000004026866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d013b6fff8149312021-12-22 12:46:21.947root 11241100x80000000000000004026867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f39344710433872021-12-22 12:46:21.947root 11241100x80000000000000004026868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c61b36a47d18c212021-12-22 12:46:21.948root 11241100x80000000000000004026869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06d279d35beb35e2021-12-22 12:46:21.949root 11241100x80000000000000004026870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20bf1e0495062e52021-12-22 12:46:21.949root 11241100x80000000000000004026871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8ec8e147d6a2f02021-12-22 12:46:21.950root 11241100x80000000000000004026872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6880d6a9392dbb2021-12-22 12:46:21.951root 11241100x80000000000000004026873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a80ca9562d91792021-12-22 12:46:21.951root 11241100x80000000000000004026874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8404f046df0c11792021-12-22 12:46:22.443root 11241100x80000000000000004026875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260885687a5a46712021-12-22 12:46:22.444root 11241100x80000000000000004026876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086d36694bbb55282021-12-22 12:46:22.444root 11241100x80000000000000004026877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbde40fd1dc10db52021-12-22 12:46:22.444root 11241100x80000000000000004026878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb0ea95ae7c125a2021-12-22 12:46:22.444root 11241100x80000000000000004026879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f7ff22b3a15d822021-12-22 12:46:22.444root 11241100x80000000000000004026880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea68648651a785e32021-12-22 12:46:22.444root 11241100x80000000000000004026881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1969834a430057c22021-12-22 12:46:22.445root 11241100x80000000000000004026882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725ccf7506cbb0652021-12-22 12:46:22.445root 11241100x80000000000000004026883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a8a009be0cca552021-12-22 12:46:22.445root 11241100x80000000000000004026884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e98114d6c8c59932021-12-22 12:46:22.445root 11241100x80000000000000004026885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef578fc54148bb2021-12-22 12:46:22.445root 11241100x80000000000000004026886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46859ca49655295c2021-12-22 12:46:22.446root 11241100x80000000000000004026887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd704ec97ab8892021-12-22 12:46:22.446root 11241100x80000000000000004026888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e19041053849e5f2021-12-22 12:46:22.446root 11241100x80000000000000004026889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede6ec62bb91a03e2021-12-22 12:46:22.446root 11241100x80000000000000004026890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ea2d8ba27454ba2021-12-22 12:46:22.446root 11241100x80000000000000004026891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f6965d3a03b8712021-12-22 12:46:22.447root 11241100x80000000000000004026892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd3566eb906c162021-12-22 12:46:22.447root 11241100x80000000000000004026893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd05ffe46f066892021-12-22 12:46:22.447root 11241100x80000000000000004026894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88bb264ee25213d2021-12-22 12:46:22.447root 11241100x80000000000000004026895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9f3d7d4109f75a2021-12-22 12:46:22.447root 11241100x80000000000000004026896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbc0baddfac87b02021-12-22 12:46:22.448root 11241100x80000000000000004026897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae3cd6bc47186fc2021-12-22 12:46:22.448root 11241100x80000000000000004026898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af5ba7534de5fbc2021-12-22 12:46:22.448root 11241100x80000000000000004026899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3fcea8b098d77f2021-12-22 12:46:22.448root 11241100x80000000000000004026900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9b0e672f1fe382021-12-22 12:46:22.448root 11241100x80000000000000004026901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245781cae98d1c952021-12-22 12:46:22.449root 11241100x80000000000000004026902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4966ee76c599d052021-12-22 12:46:22.449root 11241100x80000000000000004026903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4351c9d875980f72021-12-22 12:46:22.449root 11241100x80000000000000004026904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c4f3b29fcfd312021-12-22 12:46:22.449root 11241100x80000000000000004026905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34bf716f8d1a392021-12-22 12:46:22.450root 11241100x80000000000000004026906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011c1cbca20208042021-12-22 12:46:22.450root 11241100x80000000000000004026907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a412186937a172021-12-22 12:46:22.450root 11241100x80000000000000004026908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb1345fa9ea91b2021-12-22 12:46:22.450root 11241100x80000000000000004026909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33b3d16ee6d1122021-12-22 12:46:22.451root 11241100x80000000000000004026910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb5e2aaee6802752021-12-22 12:46:22.451root 11241100x80000000000000004026911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989d89986d2701f02021-12-22 12:46:22.451root 11241100x80000000000000004026912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523196e762f08f472021-12-22 12:46:22.452root 11241100x80000000000000004026913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b463e790435fde2021-12-22 12:46:22.943root 11241100x80000000000000004026914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7052842bf2539c672021-12-22 12:46:22.943root 11241100x80000000000000004026915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eaef3bd97f3b952021-12-22 12:46:22.943root 11241100x80000000000000004026916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d583f0ae525d78322021-12-22 12:46:22.943root 11241100x80000000000000004026917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7295bdd5a18825bb2021-12-22 12:46:22.944root 11241100x80000000000000004026918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b254bf86e22f152021-12-22 12:46:22.944root 11241100x80000000000000004026919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d74b3d84b5637a2021-12-22 12:46:22.944root 11241100x80000000000000004026920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aac9514d19bd862021-12-22 12:46:22.944root 11241100x80000000000000004026921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de5afb91e339b42021-12-22 12:46:22.944root 11241100x80000000000000004026922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023d24eaf96839332021-12-22 12:46:22.944root 11241100x80000000000000004026923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affcf505fba1379b2021-12-22 12:46:22.944root 11241100x80000000000000004026924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3906286d2067be12021-12-22 12:46:22.944root 11241100x80000000000000004026925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1590dae0b27886312021-12-22 12:46:22.944root 11241100x80000000000000004026926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9412a8c85b03a22021-12-22 12:46:22.944root 11241100x80000000000000004026927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927d68c5d979678a2021-12-22 12:46:22.944root 11241100x80000000000000004026928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa45420cb7c07fe12021-12-22 12:46:22.944root 11241100x80000000000000004026929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c7555ecec8b032021-12-22 12:46:22.944root 11241100x80000000000000004026930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cdebb8139e9bf82021-12-22 12:46:22.944root 11241100x80000000000000004026931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b37a94ffba6b4c2021-12-22 12:46:22.944root 11241100x80000000000000004026932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c5176e13d3c212021-12-22 12:46:22.945root 11241100x80000000000000004026933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfcc098b08899e82021-12-22 12:46:22.945root 11241100x80000000000000004026934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedfc216e33e5ecd2021-12-22 12:46:22.945root 11241100x80000000000000004026935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23607117fde0c852021-12-22 12:46:22.945root 11241100x80000000000000004026936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d22f745cf157a42021-12-22 12:46:22.945root 11241100x80000000000000004026937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6b2fbfe119af082021-12-22 12:46:22.945root 11241100x80000000000000004026938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d03f88136a26682021-12-22 12:46:22.945root 11241100x80000000000000004026939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f32125eb1d7c02021-12-22 12:46:22.945root 11241100x80000000000000004026940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8162a68fb602842021-12-22 12:46:22.946root 11241100x80000000000000004026941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35627bb437cd3e72021-12-22 12:46:22.946root 11241100x80000000000000004026942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6691a72348a2c02021-12-22 12:46:22.946root 11241100x80000000000000004026943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8011f86b45cab2021-12-22 12:46:22.946root 11241100x80000000000000004026944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e69c663eefe4bd2021-12-22 12:46:22.946root 11241100x80000000000000004026945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fb1ed5599ae1392021-12-22 12:46:22.946root 11241100x80000000000000004026946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f33b97455334e322021-12-22 12:46:22.946root 11241100x80000000000000004026947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c249e171b16805842021-12-22 12:46:22.947root 11241100x80000000000000004026948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6843dcf6528b3d62021-12-22 12:46:22.947root 11241100x80000000000000004026949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d198bb1a6b3e31bc2021-12-22 12:46:22.947root 11241100x80000000000000004026950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf7874148d70e62021-12-22 12:46:22.947root 354300x80000000000000004026951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.067{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56884-false10.0.1.12-8000- 154100x80000000000000004026952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.397{ec2b6afe-1e1f-61c3-780f-0043aa550000}22726/bin/mkdir-----mkdir rootkit/lib/modules/5.4.0-1060-aws/kernel/driversubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004026953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4043a91fdd54692021-12-22 12:46:23.399root 11241100x80000000000000004026954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c8fd3f0bc6f19a2021-12-22 12:46:23.399root 534500x80000000000000004026955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-1e1f-61c3-780f-0043aa550000}22726/bin/mkdirubuntu 11241100x80000000000000004026956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd29488bc258f2b62021-12-22 12:46:23.399root 11241100x80000000000000004026957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4059f5892444b4762021-12-22 12:46:23.399root 11241100x80000000000000004026958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0173d79fbe01d72021-12-22 12:46:23.399root 11241100x80000000000000004026959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497629b7d49ca0c72021-12-22 12:46:23.399root 11241100x80000000000000004026960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16685b4957c374f52021-12-22 12:46:23.399root 11241100x80000000000000004026961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9a807ef0ae31482021-12-22 12:46:23.399root 11241100x80000000000000004026962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ca2007613bc0822021-12-22 12:46:23.399root 11241100x80000000000000004026963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.399{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200fc8bb0024c04b2021-12-22 12:46:23.399root 11241100x80000000000000004026964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28247fab0aec5f4d2021-12-22 12:46:23.400root 11241100x80000000000000004026965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d17fc99158cf9b12021-12-22 12:46:23.400root 11241100x80000000000000004026966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc784625c21616cc2021-12-22 12:46:23.400root 11241100x80000000000000004026967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066fb2961e646072021-12-22 12:46:23.400root 11241100x80000000000000004026968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98a38b113554bcb2021-12-22 12:46:23.400root 11241100x80000000000000004026969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e64b3551828b52021-12-22 12:46:23.400root 11241100x80000000000000004026970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad51107c02ce240c2021-12-22 12:46:23.400root 11241100x80000000000000004026971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969bbf00e2c69802021-12-22 12:46:23.400root 11241100x80000000000000004026972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e03d370915e4f2021-12-22 12:46:23.400root 11241100x80000000000000004026973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86366b34d1632a7c2021-12-22 12:46:23.400root 11241100x80000000000000004026974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c400363d108cb70e2021-12-22 12:46:23.400root 11241100x80000000000000004026975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.400{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce04ddd139c770e2021-12-22 12:46:23.400root 11241100x80000000000000004026976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d0fe39b228ec72021-12-22 12:46:23.401root 11241100x80000000000000004026977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eb8716ff4ce64c2021-12-22 12:46:23.401root 11241100x80000000000000004026978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bb37f2a393f14a2021-12-22 12:46:23.401root 11241100x80000000000000004026979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa6c9c314a3d3a2021-12-22 12:46:23.401root 11241100x80000000000000004026980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7556ebd1a2690e12021-12-22 12:46:23.401root 11241100x80000000000000004026981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e011e681ea846a812021-12-22 12:46:23.401root 11241100x80000000000000004026982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e447907a947e48e82021-12-22 12:46:23.401root 11241100x80000000000000004026983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47fa7224c89ba7e2021-12-22 12:46:23.401root 11241100x80000000000000004026984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06377227bac2d902021-12-22 12:46:23.401root 11241100x80000000000000004026985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c009682efeccd672021-12-22 12:46:23.401root 11241100x80000000000000004026986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.401{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3927478f8fce2b92021-12-22 12:46:23.401root 11241100x80000000000000004026987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b32ef6f92a225c92021-12-22 12:46:23.402root 11241100x80000000000000004026988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ef3d9f9b4d630b2021-12-22 12:46:23.402root 11241100x80000000000000004026989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a7bd37ab412da02021-12-22 12:46:23.402root 11241100x80000000000000004026990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac3082de72c0d8a2021-12-22 12:46:23.402root 11241100x80000000000000004026991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1b502ed623c5592021-12-22 12:46:23.402root 11241100x80000000000000004026992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89726a599f49d482021-12-22 12:46:23.402root 11241100x80000000000000004026993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62fb9d71854a9e62021-12-22 12:46:23.402root 11241100x80000000000000004026994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2b839f454466bc2021-12-22 12:46:23.402root 11241100x80000000000000004026995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b8cabdb79cd1782021-12-22 12:46:23.402root 11241100x80000000000000004026996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e072c200bcf657422021-12-22 12:46:23.402root 11241100x80000000000000004026997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.402{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c7f89f009b9b0b2021-12-22 12:46:23.402root 11241100x80000000000000004026998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335cecc51837e6cc2021-12-22 12:46:23.403root 11241100x80000000000000004026999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0b471299b0c6b2021-12-22 12:46:23.403root 11241100x80000000000000004027000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb48594d7b749bd2021-12-22 12:46:23.403root 11241100x80000000000000004027001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48756aff4909184d2021-12-22 12:46:23.403root 11241100x80000000000000004027002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a048bc5ce82172021-12-22 12:46:23.403root 11241100x80000000000000004027003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727c43b685c33a02021-12-22 12:46:23.403root 11241100x80000000000000004027004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ab4f9014b18d6f2021-12-22 12:46:23.403root 11241100x80000000000000004027005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efccd13242f6df2021-12-22 12:46:23.403root 11241100x80000000000000004027006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895a0eec1441f1c72021-12-22 12:46:23.403root 11241100x80000000000000004027007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5826abbf004acf052021-12-22 12:46:23.403root 11241100x80000000000000004027008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d71bbe061346512021-12-22 12:46:23.403root 11241100x80000000000000004027009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9630dd73d994e62021-12-22 12:46:23.403root 11241100x80000000000000004027010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.403{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffecef0664ca8d732021-12-22 12:46:23.403root 11241100x80000000000000004027011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c233d4f8a6f0ff2021-12-22 12:46:23.404root 11241100x80000000000000004027012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c8f0c49bf5d1e72021-12-22 12:46:23.404root 11241100x80000000000000004027013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e4d11262c762d2021-12-22 12:46:23.404root 11241100x80000000000000004027014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc31a562356c0f62021-12-22 12:46:23.404root 11241100x80000000000000004027015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebfc200443c091e2021-12-22 12:46:23.404root 11241100x80000000000000004027016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1e9f51f75cf9ee2021-12-22 12:46:23.404root 11241100x80000000000000004027017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.404{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ce846b333c6a662021-12-22 12:46:23.404root 11241100x80000000000000004027018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b0e77abc0290e62021-12-22 12:46:23.405root 11241100x80000000000000004027019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507c40b53041bec12021-12-22 12:46:23.405root 11241100x80000000000000004027020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf29bfcc24e94bb2021-12-22 12:46:23.406root 11241100x80000000000000004027021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84987c6391b8997e2021-12-22 12:46:23.406root 11241100x80000000000000004027022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefa7f2311a16a532021-12-22 12:46:23.406root 11241100x80000000000000004027023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896130aab12bf1782021-12-22 12:46:23.406root 11241100x80000000000000004027024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba5bbd3ce4c48a2021-12-22 12:46:23.693root 11241100x80000000000000004027025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1964b519fe9b88b2021-12-22 12:46:23.693root 11241100x80000000000000004027026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2358b6ad591802021-12-22 12:46:23.693root 11241100x80000000000000004027027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce14dfcf15d788652021-12-22 12:46:23.693root 11241100x80000000000000004027028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41da33bebc76efb2021-12-22 12:46:23.693root 11241100x80000000000000004027029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114f07daeb4ba492021-12-22 12:46:23.694root 11241100x80000000000000004027030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1b2da7e4874e9f2021-12-22 12:46:23.694root 11241100x80000000000000004027031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5961d8c747fed33c2021-12-22 12:46:23.694root 11241100x80000000000000004027032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058babc4c4cf981d2021-12-22 12:46:23.694root 11241100x80000000000000004027033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ba1b516a50e6bd2021-12-22 12:46:23.694root 11241100x80000000000000004027034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d8d4d806bedf02021-12-22 12:46:23.694root 11241100x80000000000000004027035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb808f43254285ea2021-12-22 12:46:23.694root 11241100x80000000000000004027036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c09d0f8927d9702021-12-22 12:46:23.695root 11241100x80000000000000004027037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4a5e92d4e0cd332021-12-22 12:46:23.695root 11241100x80000000000000004027038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da46162cccca91d02021-12-22 12:46:23.695root 11241100x80000000000000004027039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cb96243378277b2021-12-22 12:46:23.695root 11241100x80000000000000004027040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116afd5c18490c082021-12-22 12:46:23.695root 11241100x80000000000000004027041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d006b1b21b6ba7aa2021-12-22 12:46:23.695root 11241100x80000000000000004027042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8ca11ba8fcc1d92021-12-22 12:46:23.695root 11241100x80000000000000004027043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17edaaae4e73a3272021-12-22 12:46:23.695root 11241100x80000000000000004027044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac59897b25327542021-12-22 12:46:23.695root 11241100x80000000000000004027045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaa4ffe6731830e2021-12-22 12:46:23.695root 11241100x80000000000000004027046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d154adaf564b88d12021-12-22 12:46:23.695root 11241100x80000000000000004027047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96071c67836cba702021-12-22 12:46:23.695root 11241100x80000000000000004027048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da85c760d3399e32021-12-22 12:46:23.695root 11241100x80000000000000004027049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c923877646726b2021-12-22 12:46:23.695root 11241100x80000000000000004027050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5068a761d50335362021-12-22 12:46:23.695root 11241100x80000000000000004027051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f8c958f41189cd2021-12-22 12:46:23.696root 11241100x80000000000000004027052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e840de52eb024f2021-12-22 12:46:23.696root 11241100x80000000000000004027053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce11633c42a848eb2021-12-22 12:46:23.696root 11241100x80000000000000004027054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8cf4721773ddc22021-12-22 12:46:23.696root 11241100x80000000000000004027055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e7058088076aa12021-12-22 12:46:23.696root 11241100x80000000000000004027056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240ffe348fe394cc2021-12-22 12:46:23.696root 11241100x80000000000000004027057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014630d12ecff7672021-12-22 12:46:23.696root 11241100x80000000000000004027058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2658f2bf7260bb7f2021-12-22 12:46:23.696root 11241100x80000000000000004027059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aa4f08e92413632021-12-22 12:46:23.696root 11241100x80000000000000004027060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5706742e8699e48f2021-12-22 12:46:23.696root 11241100x80000000000000004027061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a89bd1e9e175fe2021-12-22 12:46:23.696root 11241100x80000000000000004027062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700d8ef629e090f2021-12-22 12:46:23.696root 11241100x80000000000000004027063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9045de50421457a2021-12-22 12:46:23.696root 11241100x80000000000000004027064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d170dedbeba822021-12-22 12:46:23.697root 11241100x80000000000000004027065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be79f8ebe26f8402021-12-22 12:46:23.697root 11241100x80000000000000004027066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44b236ffaf43c32021-12-22 12:46:23.697root 11241100x80000000000000004027067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c488f429a17e802021-12-22 12:46:23.697root 11241100x80000000000000004027068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f502a004de2372c2021-12-22 12:46:23.697root 11241100x80000000000000004027069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1373a2a9c3325732021-12-22 12:46:23.697root 11241100x80000000000000004027070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0347e7fc43e76952021-12-22 12:46:23.697root 11241100x80000000000000004027071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1988834e136d1a2021-12-22 12:46:23.697root 11241100x80000000000000004027072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e4fe5e8a1452f92021-12-22 12:46:23.697root 11241100x80000000000000004027073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d22d7eb34214ae2021-12-22 12:46:23.697root 11241100x80000000000000004027074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec10237f52614a2021-12-22 12:46:23.697root 11241100x80000000000000004027075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438ae7e4f67926f32021-12-22 12:46:24.193root 11241100x80000000000000004027076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5328c42995ac4972021-12-22 12:46:24.193root 11241100x80000000000000004027077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79f028dc30745952021-12-22 12:46:24.193root 11241100x80000000000000004027078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de128f952f94b5d2021-12-22 12:46:24.194root 11241100x80000000000000004027079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549c1d2496119ba2021-12-22 12:46:24.194root 11241100x80000000000000004027080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef599a2efd3ae69a2021-12-22 12:46:24.194root 11241100x80000000000000004027081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05104cb757bf82f2021-12-22 12:46:24.194root 11241100x80000000000000004027082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626873199f6ca3b32021-12-22 12:46:24.194root 11241100x80000000000000004027083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f53451a9aeab2612021-12-22 12:46:24.194root 11241100x80000000000000004027084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1da273c1d05252021-12-22 12:46:24.194root 11241100x80000000000000004027085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433ab3233b419e7a2021-12-22 12:46:24.194root 11241100x80000000000000004027086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0b1102b2ee8212021-12-22 12:46:24.195root 11241100x80000000000000004027087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eb594f5c7d11902021-12-22 12:46:24.195root 11241100x80000000000000004027088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a53a58f81af0f42021-12-22 12:46:24.195root 11241100x80000000000000004027089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae53923f63126972021-12-22 12:46:24.195root 11241100x80000000000000004027090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0cfcfb4806f0362021-12-22 12:46:24.195root 11241100x80000000000000004027091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27156450656388b2021-12-22 12:46:24.195root 11241100x80000000000000004027092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c496fdbeb3a9352021-12-22 12:46:24.195root 11241100x80000000000000004027093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b737e69729831ddf2021-12-22 12:46:24.195root 11241100x80000000000000004027094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944cf6b26624879d2021-12-22 12:46:24.196root 11241100x80000000000000004027095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96614683637b0f362021-12-22 12:46:24.196root 11241100x80000000000000004027096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13ddcf3f608da352021-12-22 12:46:24.196root 11241100x80000000000000004027097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b56b76d21052962021-12-22 12:46:24.196root 11241100x80000000000000004027098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e258a9392720522021-12-22 12:46:24.196root 11241100x80000000000000004027099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694ef4a6b923ad1d2021-12-22 12:46:24.196root 11241100x80000000000000004027100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791dd98f8c98a09b2021-12-22 12:46:24.196root 11241100x80000000000000004027101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502bec7ccd4d20422021-12-22 12:46:24.196root 11241100x80000000000000004027102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f7bebfb8094d02021-12-22 12:46:24.197root 11241100x80000000000000004027103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33dc9e985d6e9602021-12-22 12:46:24.197root 11241100x80000000000000004027104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0e1dcbe4cad5102021-12-22 12:46:24.197root 11241100x80000000000000004027105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a72d2f671e55cc22021-12-22 12:46:24.197root 11241100x80000000000000004027106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0067072835655852021-12-22 12:46:24.197root 11241100x80000000000000004027107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa84cc528ca9a72021-12-22 12:46:24.197root 11241100x80000000000000004027108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e0b5add0d53152021-12-22 12:46:24.197root 11241100x80000000000000004027109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c36d74505b3cb2021-12-22 12:46:24.197root 11241100x80000000000000004027110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18eec24945aa4092021-12-22 12:46:24.198root 11241100x80000000000000004027111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482752f9a168a39e2021-12-22 12:46:24.198root 11241100x80000000000000004027112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36943d944b3340c22021-12-22 12:46:24.198root 11241100x80000000000000004027113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063e3aa2aebd5aaf2021-12-22 12:46:24.198root 11241100x80000000000000004027114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c20cf26ddd853d92021-12-22 12:46:24.198root 11241100x80000000000000004027115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64399df5f0d4802021-12-22 12:46:24.198root 11241100x80000000000000004027116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa76e959eb31b62021-12-22 12:46:24.693root 11241100x80000000000000004027117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726199eee58e04a52021-12-22 12:46:24.693root 11241100x80000000000000004027118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad47cdd838d79942021-12-22 12:46:24.693root 11241100x80000000000000004027119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6497732b8027cf2021-12-22 12:46:24.693root 11241100x80000000000000004027120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe3d9f58e56c372021-12-22 12:46:24.693root 11241100x80000000000000004027121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ddc3b187812e62021-12-22 12:46:24.694root 11241100x80000000000000004027122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42618e9204d939312021-12-22 12:46:24.694root 11241100x80000000000000004027123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58dafa78aeb8e6c2021-12-22 12:46:24.694root 11241100x80000000000000004027124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925c870ab22663f72021-12-22 12:46:24.694root 11241100x80000000000000004027125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076b057e464d7112021-12-22 12:46:24.694root 11241100x80000000000000004027126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713603c102231e0e2021-12-22 12:46:24.694root 11241100x80000000000000004027127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734cf65dedbcfa6e2021-12-22 12:46:24.695root 11241100x80000000000000004027128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d860fcc78d07f65f2021-12-22 12:46:24.695root 11241100x80000000000000004027129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fe279d5c46ebb22021-12-22 12:46:24.695root 11241100x80000000000000004027130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b7ce54a418b2452021-12-22 12:46:24.695root 11241100x80000000000000004027131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49bded1e15714272021-12-22 12:46:24.696root 11241100x80000000000000004027132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d385077dd80aa82021-12-22 12:46:24.696root 11241100x80000000000000004027133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e4ccca594d405b2021-12-22 12:46:24.696root 11241100x80000000000000004027134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d788800efc147d52021-12-22 12:46:24.696root 11241100x80000000000000004027135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080ef942e4f8d1672021-12-22 12:46:24.696root 11241100x80000000000000004027136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e31543807b6a02021-12-22 12:46:24.697root 11241100x80000000000000004027137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aaaf5d6bb0e0962021-12-22 12:46:24.697root 11241100x80000000000000004027138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5076f1e969213482021-12-22 12:46:24.697root 11241100x80000000000000004027139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dab41420a44c4c2021-12-22 12:46:24.697root 11241100x80000000000000004027140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81fddfc820130102021-12-22 12:46:24.697root 11241100x80000000000000004027141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3935f92922b0942021-12-22 12:46:24.697root 11241100x80000000000000004027142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870ab97e1eb008322021-12-22 12:46:24.697root 11241100x80000000000000004027143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0c791b1ce2cf812021-12-22 12:46:24.698root 11241100x80000000000000004027144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f458d917914b3c682021-12-22 12:46:24.698root 11241100x80000000000000004027145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109ceaebb4c29d692021-12-22 12:46:24.698root 11241100x80000000000000004027146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ffa044edcfde552021-12-22 12:46:24.698root 11241100x80000000000000004027147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e9f23a5a0d0ff2021-12-22 12:46:24.698root 11241100x80000000000000004027148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a6f1fe4b69e4c32021-12-22 12:46:24.698root 11241100x80000000000000004027149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8966a60046245abe2021-12-22 12:46:24.698root 11241100x80000000000000004027150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530ce517b6c8fd52021-12-22 12:46:24.698root 11241100x80000000000000004027151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e674468aa84d0c72021-12-22 12:46:24.698root 11241100x80000000000000004027152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9373979b4597742021-12-22 12:46:24.699root 11241100x80000000000000004027153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a227ca651b5a74b2021-12-22 12:46:24.699root 11241100x80000000000000004027154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393e5b67d59fbe1c2021-12-22 12:46:24.699root 11241100x80000000000000004027155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e7b6d290e3ce72021-12-22 12:46:24.699root 11241100x80000000000000004027156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f55b2c3f8831c2021-12-22 12:46:24.699root 11241100x80000000000000004027157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff2834768d25ab2021-12-22 12:46:24.699root 11241100x80000000000000004027158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f6a1ef882454c2021-12-22 12:46:24.700root 11241100x80000000000000004027159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff517e19c89e7cb2021-12-22 12:46:24.700root 11241100x80000000000000004027160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c093b0497b84eba2021-12-22 12:46:24.700root 11241100x80000000000000004027161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c71398d1d3eadf82021-12-22 12:46:25.193root 11241100x80000000000000004027162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a870044fc0d4fe7d2021-12-22 12:46:25.193root 11241100x80000000000000004027163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7a204278eda6592021-12-22 12:46:25.194root 11241100x80000000000000004027164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de57ea85151025fb2021-12-22 12:46:25.194root 11241100x80000000000000004027165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf427de05e0cfc2021-12-22 12:46:25.194root 11241100x80000000000000004027166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef54ba7bdf22dd22021-12-22 12:46:25.194root 11241100x80000000000000004027167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231109cb50858c0e2021-12-22 12:46:25.195root 11241100x80000000000000004027168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa104c9ed0a51622021-12-22 12:46:25.195root 11241100x80000000000000004027169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2846ec177ce4f532021-12-22 12:46:25.195root 11241100x80000000000000004027170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e86a80a1e5e73b82021-12-22 12:46:25.195root 11241100x80000000000000004027171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be7fe7c97e50af72021-12-22 12:46:25.195root 11241100x80000000000000004027172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bda60c1fb158b82021-12-22 12:46:25.195root 11241100x80000000000000004027173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8353a25d2ee5e7ad2021-12-22 12:46:25.196root 11241100x80000000000000004027174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e89ec1040c119e32021-12-22 12:46:25.196root 11241100x80000000000000004027175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad4eb37bfab7b832021-12-22 12:46:25.196root 11241100x80000000000000004027176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e7fc9c6ba010902021-12-22 12:46:25.196root 11241100x80000000000000004027177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a15969795855f2021-12-22 12:46:25.196root 11241100x80000000000000004027178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c8a26329cbfcd92021-12-22 12:46:25.196root 11241100x80000000000000004027179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3110a89aca5cf922021-12-22 12:46:25.196root 11241100x80000000000000004027180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e45057ff3d8a5e82021-12-22 12:46:25.196root 11241100x80000000000000004027181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6523a0cc5f84cbc32021-12-22 12:46:25.197root 11241100x80000000000000004027182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd14fd26d159c652021-12-22 12:46:25.197root 11241100x80000000000000004027183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6810dfd91c5215d2021-12-22 12:46:25.197root 11241100x80000000000000004027184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c0e3706da4780c2021-12-22 12:46:25.198root 11241100x80000000000000004027185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fd56b4ea2bf1fb2021-12-22 12:46:25.198root 11241100x80000000000000004027186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320b070f53f0cad92021-12-22 12:46:25.198root 11241100x80000000000000004027187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8faf15132a454ac2021-12-22 12:46:25.198root 11241100x80000000000000004027188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760bc0c5660aa5ff2021-12-22 12:46:25.198root 11241100x80000000000000004027189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffce6c9566edb9412021-12-22 12:46:25.198root 11241100x80000000000000004027190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a1b93c5a18ded32021-12-22 12:46:25.198root 11241100x80000000000000004027191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137dbdcbecaf46412021-12-22 12:46:25.198root 11241100x80000000000000004027192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d27b5f0170c4bc32021-12-22 12:46:25.199root 11241100x80000000000000004027193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdc09a49d2ef2a2021-12-22 12:46:25.199root 11241100x80000000000000004027194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f4b49e87c3ac02021-12-22 12:46:25.199root 11241100x80000000000000004027195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf546df870a4bc2021-12-22 12:46:25.199root 11241100x80000000000000004027196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97850da2cf24fe4d2021-12-22 12:46:25.199root 11241100x80000000000000004027197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db347b8d92d0b0292021-12-22 12:46:25.199root 11241100x80000000000000004027198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e0fbe7e059377d2021-12-22 12:46:25.199root 11241100x80000000000000004027199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd44feafe4ecacf2021-12-22 12:46:25.200root 11241100x80000000000000004027200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08bc54baf3e2de2021-12-22 12:46:25.200root 11241100x80000000000000004027201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcda4dbadbe22cb2021-12-22 12:46:25.200root 11241100x80000000000000004027202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5e4474b3130712021-12-22 12:46:25.200root 11241100x80000000000000004027203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d38a2638422b7082021-12-22 12:46:25.200root 11241100x80000000000000004027204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4358cc764f09c0aa2021-12-22 12:46:25.200root 11241100x80000000000000004027205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4f58ab28e9ae162021-12-22 12:46:25.200root 11241100x80000000000000004027206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2babfad1cddf77c2021-12-22 12:46:25.693root 11241100x80000000000000004027207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f30b86018213c82021-12-22 12:46:25.693root 11241100x80000000000000004027208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2ea871eb822e932021-12-22 12:46:25.693root 11241100x80000000000000004027209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e53f64603cdee52021-12-22 12:46:25.694root 11241100x80000000000000004027210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42379416aac82c8c2021-12-22 12:46:25.694root 11241100x80000000000000004027211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd07ab87f104b5b42021-12-22 12:46:25.694root 11241100x80000000000000004027212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccdfa30e035e4cd2021-12-22 12:46:25.694root 11241100x80000000000000004027213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20b6a853e458fdd2021-12-22 12:46:25.694root 11241100x80000000000000004027214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8808899bcf07336a2021-12-22 12:46:25.694root 11241100x80000000000000004027215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1629de2399ed8f2021-12-22 12:46:25.694root 11241100x80000000000000004027216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e157b873b0ab01b2021-12-22 12:46:25.694root 11241100x80000000000000004027217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a57a63c553c102021-12-22 12:46:25.694root 11241100x80000000000000004027218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6412ab14b99e99e02021-12-22 12:46:25.694root 11241100x80000000000000004027219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706e5c6a9b91ed842021-12-22 12:46:25.694root 11241100x80000000000000004027220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5d10ecc5f123b22021-12-22 12:46:25.695root 11241100x80000000000000004027221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0604ae9e9c3f20542021-12-22 12:46:25.695root 11241100x80000000000000004027222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda128dd1ee2c3b92021-12-22 12:46:25.695root 11241100x80000000000000004027223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b5584f95c4a84b2021-12-22 12:46:25.695root 11241100x80000000000000004027224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f8fc78b05229ea2021-12-22 12:46:25.695root 11241100x80000000000000004027225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49a90405b3b8a7e2021-12-22 12:46:25.695root 11241100x80000000000000004027226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4a67cab6e90802021-12-22 12:46:25.695root 11241100x80000000000000004027227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2805b7b656675f3a2021-12-22 12:46:25.695root 11241100x80000000000000004027228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14327bb127e61e452021-12-22 12:46:25.695root 11241100x80000000000000004027229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1eb6952de4c8b52021-12-22 12:46:25.696root 11241100x80000000000000004027230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25084865497550802021-12-22 12:46:25.696root 11241100x80000000000000004027231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5734bbafcb52512021-12-22 12:46:25.696root 11241100x80000000000000004027232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeca4bbc910d2e92021-12-22 12:46:25.696root 11241100x80000000000000004027233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f94ef83ad0db692021-12-22 12:46:25.696root 11241100x80000000000000004027234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a12ce8be28bf32021-12-22 12:46:25.696root 11241100x80000000000000004027235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7f366ab0fed6622021-12-22 12:46:25.696root 11241100x80000000000000004027236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfd37e428b2ecf72021-12-22 12:46:25.696root 11241100x80000000000000004027237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfdd46d9d68bd0d2021-12-22 12:46:25.696root 11241100x80000000000000004027238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43aeb15d0bef062021-12-22 12:46:25.696root 11241100x80000000000000004027239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c15a5de123a6122021-12-22 12:46:25.697root 11241100x80000000000000004027240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb33d40497f4dbdb2021-12-22 12:46:25.697root 11241100x80000000000000004027241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d182d69e5866cd8f2021-12-22 12:46:25.697root 11241100x80000000000000004027242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56536696e0bccf2021-12-22 12:46:25.697root 11241100x80000000000000004027243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52185ffab78f25832021-12-22 12:46:25.697root 11241100x80000000000000004027244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95958864a14d8fb62021-12-22 12:46:25.697root 11241100x80000000000000004027245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438026442584dd82021-12-22 12:46:25.697root 11241100x80000000000000004027246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48f02fac6087a822021-12-22 12:46:25.697root 11241100x80000000000000004027247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97de2efbf50ad042021-12-22 12:46:25.697root 11241100x80000000000000004027248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a474abd5a58164382021-12-22 12:46:26.193root 11241100x80000000000000004027249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae778c35e49c83f32021-12-22 12:46:26.193root 11241100x80000000000000004027250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb4c798463a45d2021-12-22 12:46:26.194root 11241100x80000000000000004027251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a43c40d1aed9c2021-12-22 12:46:26.194root 11241100x80000000000000004027252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea442e789c31f572021-12-22 12:46:26.194root 11241100x80000000000000004027253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e0739c3a248782021-12-22 12:46:26.194root 11241100x80000000000000004027254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb4e0934e4bf20f2021-12-22 12:46:26.194root 11241100x80000000000000004027255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a75434fc08729fc2021-12-22 12:46:26.194root 11241100x80000000000000004027256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e8bc1cd3879f12021-12-22 12:46:26.194root 11241100x80000000000000004027257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490c2edcf0941f92021-12-22 12:46:26.195root 11241100x80000000000000004027258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0c63e82b2793842021-12-22 12:46:26.195root 11241100x80000000000000004027259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15719c0a1765b82021-12-22 12:46:26.195root 11241100x80000000000000004027260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc6246105e37ff02021-12-22 12:46:26.195root 11241100x80000000000000004027261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec03a5ca06f5ac422021-12-22 12:46:26.195root 11241100x80000000000000004027262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed696a661f264402021-12-22 12:46:26.195root 11241100x80000000000000004027263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfcbd0cf7ff1b62021-12-22 12:46:26.195root 11241100x80000000000000004027264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79396209cfc240c2021-12-22 12:46:26.196root 11241100x80000000000000004027265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be65dcbc98190482021-12-22 12:46:26.196root 11241100x80000000000000004027266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79de26b29b2e7a842021-12-22 12:46:26.196root 11241100x80000000000000004027267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cefc94863775eb22021-12-22 12:46:26.196root 11241100x80000000000000004027268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086e7a684b71e302021-12-22 12:46:26.196root 11241100x80000000000000004027269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f6147cb5ab4eb2021-12-22 12:46:26.196root 11241100x80000000000000004027270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0a03d4715a2132021-12-22 12:46:26.196root 11241100x80000000000000004027271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d255df2a393cbb102021-12-22 12:46:26.196root 11241100x80000000000000004027272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7fda78eec17eba2021-12-22 12:46:26.196root 11241100x80000000000000004027273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e30f5da26736b72021-12-22 12:46:26.196root 11241100x80000000000000004027274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ac4e1add3ffb962021-12-22 12:46:26.196root 11241100x80000000000000004027275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da7546359c016d12021-12-22 12:46:26.197root 11241100x80000000000000004027276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f03f7237f1136a2021-12-22 12:46:26.197root 11241100x80000000000000004027277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347418ff416f02f22021-12-22 12:46:26.197root 11241100x80000000000000004027278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f085f095decfbe4c2021-12-22 12:46:26.197root 11241100x80000000000000004027279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997aad157c7f89ad2021-12-22 12:46:26.197root 11241100x80000000000000004027280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00cd1bd05e679182021-12-22 12:46:26.197root 11241100x80000000000000004027281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c8bd1d86343972021-12-22 12:46:26.197root 11241100x80000000000000004027282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98dedd1a5545a92021-12-22 12:46:26.197root 11241100x80000000000000004027283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0cca727dfa24b52021-12-22 12:46:26.197root 11241100x80000000000000004027284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e052d0604fb7fb2021-12-22 12:46:26.197root 11241100x80000000000000004027285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3431d8e908f6eeb2021-12-22 12:46:26.197root 11241100x80000000000000004027286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bf17cbb0144fae2021-12-22 12:46:26.198root 11241100x80000000000000004027287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4551be49d6141e62021-12-22 12:46:26.198root 11241100x80000000000000004027288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7683748e8ee356d2021-12-22 12:46:26.198root 11241100x80000000000000004027289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725276e87b58bf882021-12-22 12:46:26.198root 154100x80000000000000004027290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.424{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudo-----sudo mkdir rootkit/lib/modules/5.4.0-1060-aws/kernel/driversubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004027291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.427{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudoubuntuudptruefalse127.0.0.1-51497-false127.0.0.53-53- 354300x80000000000000004027292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.428{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-41156-false10.0.0.2-53- 354300x80000000000000004027293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.428{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-50663-false10.0.0.2-53- 354300x80000000000000004027294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.431{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51497- 354300x80000000000000004027295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.431{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-51497- 354300x80000000000000004027296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.442{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudoubuntuudptruefalse127.0.0.1-46017-false127.0.0.53-53- 354300x80000000000000004027297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.442{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-46017- 11241100x80000000000000004027298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313d89fc83b2a0122021-12-22 12:46:26.445root 11241100x80000000000000004027299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5933bd058b0da9572021-12-22 12:46:26.445root 11241100x80000000000000004027300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d8104f30c9cbd82021-12-22 12:46:26.445root 154100x80000000000000004027301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.445{ec2b6afe-1e22-61c3-789f-fa7a0c560000}22728/bin/mkdir-----mkdir rootkit/lib/modules/5.4.0-1060-aws/kernel/driversroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudosudoubuntu 11241100x80000000000000004027302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc405ea56a4667d22021-12-22 12:46:26.445root 11241100x80000000000000004027303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df175375d112e6822021-12-22 12:46:26.446root 534500x80000000000000004027304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.446{ec2b6afe-1e22-61c3-789f-fa7a0c560000}22728/bin/mkdirroot 11241100x80000000000000004027305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53336283324838622021-12-22 12:46:26.446root 11241100x80000000000000004027306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4922576512eb0c22021-12-22 12:46:26.447root 534500x80000000000000004027307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.447{ec2b6afe-1e22-61c3-08de-e9b151560000}22727/usr/bin/sudoroot 11241100x80000000000000004027308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e959b9427bd23f2021-12-22 12:46:26.447root 11241100x80000000000000004027309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13084d83bf5e702021-12-22 12:46:26.447root 11241100x80000000000000004027310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0219cf7c106c83422021-12-22 12:46:26.448root 11241100x80000000000000004027311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf32dcedc3e94172021-12-22 12:46:26.448root 11241100x80000000000000004027312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c967cb08c731c2021-12-22 12:46:26.448root 11241100x80000000000000004027313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e70e72960e0e4792021-12-22 12:46:26.449root 11241100x80000000000000004027314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb8336a1d884312021-12-22 12:46:26.449root 11241100x80000000000000004027315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5ae890bf103c82021-12-22 12:46:26.449root 11241100x80000000000000004027316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2234bd11927eacf2021-12-22 12:46:26.449root 11241100x80000000000000004027317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9470f089deeff7ee2021-12-22 12:46:26.449root 11241100x80000000000000004027318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810ecf3a2f77d6f22021-12-22 12:46:26.449root 11241100x80000000000000004027319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e4413ffd6687ce2021-12-22 12:46:26.449root 11241100x80000000000000004027320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef3c74c0c851aef2021-12-22 12:46:26.450root 11241100x80000000000000004027321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311cac24e9f822302021-12-22 12:46:26.450root 11241100x80000000000000004027322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e9e7eb52e794622021-12-22 12:46:26.450root 11241100x80000000000000004027323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb221fe6296a6ff2021-12-22 12:46:26.451root 11241100x80000000000000004027324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabad033da36ed82021-12-22 12:46:26.451root 11241100x80000000000000004027325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74afe82905604c9b2021-12-22 12:46:26.451root 11241100x80000000000000004027326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64406c758b3589182021-12-22 12:46:26.451root 11241100x80000000000000004027327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c1830b3f824b4d2021-12-22 12:46:26.451root 11241100x80000000000000004027328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b67afe6fccc5ec2021-12-22 12:46:26.451root 11241100x80000000000000004027329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d9229d9051f2e2021-12-22 12:46:26.451root 11241100x80000000000000004027330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a143fee55cd312021-12-22 12:46:26.452root 11241100x80000000000000004027331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b82e9e0b2098d1d2021-12-22 12:46:26.452root 11241100x80000000000000004027332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24ad151ea48b6972021-12-22 12:46:26.452root 11241100x80000000000000004027333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7bacf7d7a915dc2021-12-22 12:46:26.452root 11241100x80000000000000004027334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eced2957e58d262021-12-22 12:46:26.452root 11241100x80000000000000004027335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13971969a6ecb9752021-12-22 12:46:26.452root 11241100x80000000000000004027336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ef4874dffe6442021-12-22 12:46:26.452root 11241100x80000000000000004027337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1b15fcbe62723a2021-12-22 12:46:26.453root 11241100x80000000000000004027338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dbb28540ed7de52021-12-22 12:46:26.453root 11241100x80000000000000004027339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee560b2cd2251f872021-12-22 12:46:26.453root 11241100x80000000000000004027340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7c76fc45e3ccf12021-12-22 12:46:26.453root 11241100x80000000000000004027341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0843963f8614062d2021-12-22 12:46:26.454root 11241100x80000000000000004027342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779f5dcf9804e8902021-12-22 12:46:26.454root 11241100x80000000000000004027343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a00bc7ecc211ae32021-12-22 12:46:26.454root 11241100x80000000000000004027344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70b898564a2a592021-12-22 12:46:26.454root 11241100x80000000000000004027345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb722410259b63812021-12-22 12:46:26.454root 11241100x80000000000000004027346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07072350c0321572021-12-22 12:46:26.454root 11241100x80000000000000004027347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca63aad9ea600ae82021-12-22 12:46:26.455root 11241100x80000000000000004027348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16987730904fc4882021-12-22 12:46:26.455root 11241100x80000000000000004027349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6288306aa884e42021-12-22 12:46:26.455root 11241100x80000000000000004027350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6376324357bee1362021-12-22 12:46:26.455root 11241100x80000000000000004027351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80193d5d757f1b032021-12-22 12:46:26.455root 11241100x80000000000000004027352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3dd502d8277d92021-12-22 12:46:26.456root 11241100x80000000000000004027353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f906a527b66305992021-12-22 12:46:26.456root 11241100x80000000000000004027354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbca976cacc6da72021-12-22 12:46:26.456root 11241100x80000000000000004027355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4002e4dc53abca2021-12-22 12:46:26.457root 11241100x80000000000000004027356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad450e2a80a8bbb2021-12-22 12:46:26.457root 11241100x80000000000000004027357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee47ad8fe42e94422021-12-22 12:46:26.457root 11241100x80000000000000004027358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d58c63fc4704a02021-12-22 12:46:26.457root 11241100x80000000000000004027359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f690a415646852fd2021-12-22 12:46:26.458root 11241100x80000000000000004027360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1886a56ffa905592021-12-22 12:46:26.458root 11241100x80000000000000004027361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0af9943bdce82ca2021-12-22 12:46:26.458root 11241100x80000000000000004027362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb9102b608d08c42021-12-22 12:46:26.458root 11241100x80000000000000004027363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cf938e624c9b8d2021-12-22 12:46:26.458root 11241100x80000000000000004027364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b32e7ce5844dd2021-12-22 12:46:26.458root 11241100x80000000000000004027365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6320a2d7812c2d1b2021-12-22 12:46:26.459root 11241100x80000000000000004027366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2795c9e68ffc1c7a2021-12-22 12:46:26.459root 11241100x80000000000000004027367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cfd23c74faee3d2021-12-22 12:46:26.459root 11241100x80000000000000004027368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a0c5a90dc3cab2021-12-22 12:46:26.460root 11241100x80000000000000004027369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f7d234b03d16852021-12-22 12:46:26.460root 11241100x80000000000000004027370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8197b08d4327fd612021-12-22 12:46:26.460root 11241100x80000000000000004027371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb1ba98f5abfbb2021-12-22 12:46:26.460root 11241100x80000000000000004027372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e892d86ebd5cfdb2021-12-22 12:46:26.461root 11241100x80000000000000004027373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf449467b18a842021-12-22 12:46:26.461root 11241100x80000000000000004027374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f296f4a2ed42bc2021-12-22 12:46:26.461root 11241100x80000000000000004027375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3370a8311062c5832021-12-22 12:46:26.461root 11241100x80000000000000004027376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56d8258277b0082021-12-22 12:46:26.462root 11241100x80000000000000004027377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791e80472848ae852021-12-22 12:46:26.462root 11241100x80000000000000004027378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4685f8704c9aac2021-12-22 12:46:26.462root 11241100x80000000000000004027379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac192a9f9d406342021-12-22 12:46:26.462root 11241100x80000000000000004027380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99fea39545de6e2021-12-22 12:46:26.463root 11241100x80000000000000004027381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d81a2e2e31f032021-12-22 12:46:26.463root 11241100x80000000000000004027382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36907b985df21e682021-12-22 12:46:26.463root 11241100x80000000000000004027383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7fd6bccc2d93632021-12-22 12:46:26.463root 11241100x80000000000000004027384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ea0e506bb0e4b2021-12-22 12:46:26.464root 11241100x80000000000000004027385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196e3d892408334c2021-12-22 12:46:26.464root 11241100x80000000000000004027386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621c17dcc5fe622e2021-12-22 12:46:26.464root 11241100x80000000000000004027387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aff6112d4f7bb22021-12-22 12:46:26.464root 11241100x80000000000000004027388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4c145cbc75c9212021-12-22 12:46:26.464root 11241100x80000000000000004027389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd08bc8482fa98bd2021-12-22 12:46:26.464root 11241100x80000000000000004027390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4496c1f5157fa80b2021-12-22 12:46:26.465root 11241100x80000000000000004027391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c0ce9d36c169c2021-12-22 12:46:26.465root 11241100x80000000000000004027392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86093eb4515bb76e2021-12-22 12:46:26.465root 11241100x80000000000000004027393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0596cfcae1a8be2021-12-22 12:46:26.465root 11241100x80000000000000004027394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aae07a7738cc7f22021-12-22 12:46:26.466root 11241100x80000000000000004027395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b900c507e3efd6012021-12-22 12:46:26.466root 11241100x80000000000000004027396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb5daa69c24fb492021-12-22 12:46:26.466root 11241100x80000000000000004027397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3777e492fddbe87c2021-12-22 12:46:26.466root 11241100x80000000000000004027398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abe9a9c475cbce02021-12-22 12:46:26.467root 11241100x80000000000000004027399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3c786788bdbd3f2021-12-22 12:46:26.467root 11241100x80000000000000004027400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc76a17c65f1a93f2021-12-22 12:46:26.467root 11241100x80000000000000004027401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f35b0ad9a10eba2021-12-22 12:46:26.467root 11241100x80000000000000004027402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70088b84345546b92021-12-22 12:46:26.468root 11241100x80000000000000004027403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb658e337964ae802021-12-22 12:46:26.468root 11241100x80000000000000004027404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8a37244b63f67e2021-12-22 12:46:26.468root 11241100x80000000000000004027405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1401efb80252fa072021-12-22 12:46:26.469root 11241100x80000000000000004027406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a524ae11f164e2021-12-22 12:46:26.469root 11241100x80000000000000004027407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c22be19b6454a82021-12-22 12:46:26.469root 11241100x80000000000000004027408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0f4b9cacd1bcc2021-12-22 12:46:26.469root 11241100x80000000000000004027409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25edd0b745b8e4922021-12-22 12:46:26.470root 11241100x80000000000000004027410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd84bdd55b562a042021-12-22 12:46:26.470root 11241100x80000000000000004027411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5e1944eb258962021-12-22 12:46:26.470root 11241100x80000000000000004027412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0433cb8e355a4f182021-12-22 12:46:26.471root 11241100x80000000000000004027413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f379318f38b29332021-12-22 12:46:26.471root 11241100x80000000000000004027414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45933a7fde447a002021-12-22 12:46:26.471root 11241100x80000000000000004027415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2994023202ab4302021-12-22 12:46:26.471root 11241100x80000000000000004027416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a4432a0e475822021-12-22 12:46:26.471root 11241100x80000000000000004027417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c179839d46b51302021-12-22 12:46:26.471root 11241100x80000000000000004027418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c1ee4c22e70bd72021-12-22 12:46:26.472root 11241100x80000000000000004027419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2672294bfacf540a2021-12-22 12:46:26.472root 11241100x80000000000000004027420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7c85e9a209fa52021-12-22 12:46:26.472root 11241100x80000000000000004027421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca179f9ecc2bed52021-12-22 12:46:26.472root 11241100x80000000000000004027422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10ae5e5693c3472021-12-22 12:46:26.472root 11241100x80000000000000004027423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb3b1999ba3396f2021-12-22 12:46:26.472root 11241100x80000000000000004027424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aeca6036cd66422021-12-22 12:46:26.472root 11241100x80000000000000004027425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b24d0ea257abf02021-12-22 12:46:26.472root 11241100x80000000000000004027426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcffa7243b4eb9032021-12-22 12:46:26.472root 11241100x80000000000000004027427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16df02e42358b222021-12-22 12:46:26.472root 11241100x80000000000000004027428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9dff8a183e97e32021-12-22 12:46:26.472root 11241100x80000000000000004027429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4235ef8ab13f8912021-12-22 12:46:26.472root 11241100x80000000000000004027430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab1de7538a6e2442021-12-22 12:46:26.472root 11241100x80000000000000004027431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256593bbbc9340312021-12-22 12:46:26.473root 11241100x80000000000000004027432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881471ac407efc42021-12-22 12:46:26.473root 11241100x80000000000000004027433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7002ae6cfc159a192021-12-22 12:46:26.473root 11241100x80000000000000004027434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8103b10d48cee1922021-12-22 12:46:26.473root 11241100x80000000000000004027435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a186a6daa86862f2021-12-22 12:46:26.474root 11241100x80000000000000004027436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccacb111535fbd8c2021-12-22 12:46:26.474root 11241100x80000000000000004027437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babedcf049005b922021-12-22 12:46:26.474root 11241100x80000000000000004027438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dfea5c999733d12021-12-22 12:46:26.474root 11241100x80000000000000004027439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6be08d882f098f2021-12-22 12:46:26.475root 11241100x80000000000000004027440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc8b7b7ef86006e2021-12-22 12:46:26.475root 11241100x80000000000000004027441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64cb42ccd610662021-12-22 12:46:26.475root 11241100x80000000000000004027442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64edef67e60d5e82021-12-22 12:46:26.475root 11241100x80000000000000004027443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed266d2fcb49e692021-12-22 12:46:26.476root 11241100x80000000000000004027444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c802cda0073b42021-12-22 12:46:26.476root 11241100x80000000000000004027445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816b7045e1efdee32021-12-22 12:46:26.476root 11241100x80000000000000004027446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd29d8c2dde7f462021-12-22 12:46:26.477root 11241100x80000000000000004027447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80c4dc8d8f81cae2021-12-22 12:46:26.477root 11241100x80000000000000004027448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0952a3224402c2e32021-12-22 12:46:26.477root 11241100x80000000000000004027449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f614110d9aa1a32021-12-22 12:46:26.478root 11241100x80000000000000004027450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44e866087cf90b62021-12-22 12:46:26.478root 11241100x80000000000000004027451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820ecedc38d98aab2021-12-22 12:46:26.478root 11241100x80000000000000004027452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84051250259d2d772021-12-22 12:46:26.478root 11241100x80000000000000004027453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f568714b8c0732021-12-22 12:46:26.479root 11241100x80000000000000004027454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bfa7989e0eb0042021-12-22 12:46:26.479root 11241100x80000000000000004027455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519479d8cb6cad012021-12-22 12:46:26.479root 11241100x80000000000000004027456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e91ff690e451f8c2021-12-22 12:46:26.479root 11241100x80000000000000004027457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b6eeac63881e192021-12-22 12:46:26.479root 11241100x80000000000000004027458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f8547f6b5f21e62021-12-22 12:46:26.479root 11241100x80000000000000004027459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1ac624f7404d5c2021-12-22 12:46:26.479root 11241100x80000000000000004027460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddcbf4b4fcd396a2021-12-22 12:46:26.479root 11241100x80000000000000004027461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc38f9a279859d842021-12-22 12:46:26.479root 11241100x80000000000000004027462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0ff37e72be984f2021-12-22 12:46:26.479root 11241100x80000000000000004027463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc0e37ad9ba5fd02021-12-22 12:46:26.480root 11241100x80000000000000004027464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08e92cf3e2c9dc92021-12-22 12:46:26.480root 11241100x80000000000000004027465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e53ebbd4ff55c792021-12-22 12:46:26.480root 11241100x80000000000000004027466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e089daa1fc6372e02021-12-22 12:46:26.480root 11241100x80000000000000004027467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e81f5c20ba8482021-12-22 12:46:26.480root 11241100x80000000000000004027468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ebe935ed44b682021-12-22 12:46:26.480root 11241100x80000000000000004027469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346b74fac09fcf492021-12-22 12:46:26.480root 11241100x80000000000000004027470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cb337b0169b4be2021-12-22 12:46:26.480root 11241100x80000000000000004027471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfab4f24edde23b2021-12-22 12:46:26.480root 11241100x80000000000000004027472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2fd9c5e01d47db2021-12-22 12:46:26.480root 11241100x80000000000000004027473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a5f285d63228742021-12-22 12:46:26.480root 11241100x80000000000000004027474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fc9df2e1758952021-12-22 12:46:26.480root 11241100x80000000000000004027475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980d639f02d77d5f2021-12-22 12:46:26.481root 11241100x80000000000000004027476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942ff50fddbf899a2021-12-22 12:46:26.481root 11241100x80000000000000004027477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4d094e4e9804f82021-12-22 12:46:26.481root 11241100x80000000000000004027478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b23f06fa9faa252021-12-22 12:46:26.481root 11241100x80000000000000004027479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4d4b0030425992021-12-22 12:46:26.481root 11241100x80000000000000004027480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc2d6aee3bd5a872021-12-22 12:46:26.481root 11241100x80000000000000004027481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098e32cafecc0b02021-12-22 12:46:26.481root 11241100x80000000000000004027482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e32b2471439ec202021-12-22 12:46:26.481root 11241100x80000000000000004027483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30533b0fa90d08c72021-12-22 12:46:26.481root 11241100x80000000000000004027484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c132f1a13e9c7112021-12-22 12:46:26.481root 11241100x80000000000000004027485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6bfa87610ecfe42021-12-22 12:46:26.481root 11241100x80000000000000004027486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f4a0748a1060692021-12-22 12:46:26.481root 11241100x80000000000000004027487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8d8a7d2e978cfd2021-12-22 12:46:26.481root 11241100x80000000000000004027488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e058798d3d47b372021-12-22 12:46:26.481root 11241100x80000000000000004027489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2529bb27115edf692021-12-22 12:46:26.482root 11241100x80000000000000004027490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c02a7a4ad8ca942021-12-22 12:46:26.482root 11241100x80000000000000004027491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7800c6942785c2fb2021-12-22 12:46:26.482root 11241100x80000000000000004027492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d762d8eb07c79c2021-12-22 12:46:26.482root 11241100x80000000000000004027493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74003c8b473fe4662021-12-22 12:46:26.482root 11241100x80000000000000004027494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c08268e1f158932021-12-22 12:46:26.482root 11241100x80000000000000004027495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd4b02fcd77e5d42021-12-22 12:46:26.482root 11241100x80000000000000004027496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ea5f24403408052021-12-22 12:46:26.482root 11241100x80000000000000004027497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8414b4e6c5d1d3f52021-12-22 12:46:26.482root 11241100x80000000000000004027498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4369bc4e26b6c80f2021-12-22 12:46:26.482root 11241100x80000000000000004027499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e4da4f273c6972021-12-22 12:46:26.482root 11241100x80000000000000004027500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e1dd169b71c4c62021-12-22 12:46:26.482root 11241100x80000000000000004027501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26202c6cb1bbd8362021-12-22 12:46:26.482root 11241100x80000000000000004027502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2384d15610179bb92021-12-22 12:46:26.482root 11241100x80000000000000004027503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf00e6c9d0dcb9892021-12-22 12:46:26.482root 11241100x80000000000000004027504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536beb1072eef7cb2021-12-22 12:46:26.483root 11241100x80000000000000004027505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22898c082eb8e5d2021-12-22 12:46:26.483root 11241100x80000000000000004027506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd21032dccc26a972021-12-22 12:46:26.483root 11241100x80000000000000004027507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05187a5f5f3725732021-12-22 12:46:26.483root 11241100x80000000000000004027508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b192df914f1672021-12-22 12:46:26.483root 11241100x80000000000000004027509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f908c39cd764aab92021-12-22 12:46:26.483root 11241100x80000000000000004027510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e50def17119c42021-12-22 12:46:26.483root 11241100x80000000000000004027511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7eceaaf5488b2c2021-12-22 12:46:26.943root 11241100x80000000000000004027512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96ab041237ce36f2021-12-22 12:46:26.943root 11241100x80000000000000004027513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dc3aefd8c399642021-12-22 12:46:26.944root 11241100x80000000000000004027514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2399547420ed2e872021-12-22 12:46:26.944root 11241100x80000000000000004027515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbcdc9accbad5fa2021-12-22 12:46:26.944root 11241100x80000000000000004027516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a9048b96675d532021-12-22 12:46:26.945root 11241100x80000000000000004027517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b63e72a6298dd2021-12-22 12:46:26.945root 11241100x80000000000000004027518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b75b4d0d2095722021-12-22 12:46:26.945root 11241100x80000000000000004027519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2beaf14bd2be165a2021-12-22 12:46:26.945root 11241100x80000000000000004027520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99369dde5062d02021-12-22 12:46:26.945root 11241100x80000000000000004027521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a49fa414d652d72021-12-22 12:46:26.945root 11241100x80000000000000004027522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b3217103d1daa2021-12-22 12:46:26.945root 11241100x80000000000000004027523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bfe95f498390652021-12-22 12:46:26.945root 11241100x80000000000000004027524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b4fe44daa0e2082021-12-22 12:46:26.945root 11241100x80000000000000004027525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f66f650f022d4df2021-12-22 12:46:26.945root 11241100x80000000000000004027526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6839295de23a742021-12-22 12:46:26.946root 11241100x80000000000000004027527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9937c887e5f5f57d2021-12-22 12:46:26.946root 11241100x80000000000000004027528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d06e60b2e04832021-12-22 12:46:26.946root 11241100x80000000000000004027529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b260d1cfbd63a9992021-12-22 12:46:26.947root 11241100x80000000000000004027530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19ece1907c718042021-12-22 12:46:26.947root 11241100x80000000000000004027531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafcbdafdcc014ca2021-12-22 12:46:26.947root 11241100x80000000000000004027532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02aa939d9f8a8e42021-12-22 12:46:26.947root 11241100x80000000000000004027533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980cdba7906803dc2021-12-22 12:46:26.948root 11241100x80000000000000004027534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf0fdcc81f71e442021-12-22 12:46:26.948root 11241100x80000000000000004027535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32565bc1aedaa262021-12-22 12:46:26.948root 11241100x80000000000000004027536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d5b5327cbd019c2021-12-22 12:46:26.948root 11241100x80000000000000004027537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1836a1ae2c056ad2021-12-22 12:46:26.949root 11241100x80000000000000004027538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a74f394a6c557442021-12-22 12:46:26.949root 11241100x80000000000000004027539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a6d303809871e2021-12-22 12:46:26.950root 11241100x80000000000000004027540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01308dc363687912021-12-22 12:46:26.950root 11241100x80000000000000004027541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7360dca7f7e04fad2021-12-22 12:46:26.950root 11241100x80000000000000004027542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee59cfb2d0a37fd2021-12-22 12:46:26.950root 11241100x80000000000000004027543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29133eb6b8a56092021-12-22 12:46:26.951root 11241100x80000000000000004027544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e2c5ace15846c2021-12-22 12:46:26.951root 11241100x80000000000000004027545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03a68ba2c12ea62021-12-22 12:46:26.951root 11241100x80000000000000004027546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5000bdd6f4ece37e2021-12-22 12:46:26.951root 11241100x80000000000000004027547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e06f6f437929cd2021-12-22 12:46:26.951root 11241100x80000000000000004027548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c70fe0196c39e2021-12-22 12:46:26.952root 11241100x80000000000000004027549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017151063fc6de172021-12-22 12:46:26.952root 11241100x80000000000000004027550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfc3c97e6cba76d2021-12-22 12:46:26.952root 11241100x80000000000000004027551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0c80362062b6b92021-12-22 12:46:26.952root 11241100x80000000000000004027552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b9a2ecb0482c212021-12-22 12:46:26.952root 11241100x80000000000000004027553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dafb7678a7c5212021-12-22 12:46:26.952root 11241100x80000000000000004027554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f12f659af37fef22021-12-22 12:46:26.952root 11241100x80000000000000004027555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0c654bc042a6052021-12-22 12:46:26.952root 11241100x80000000000000004027556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e24420ff2940032021-12-22 12:46:26.952root 11241100x80000000000000004027557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16125650a089726a2021-12-22 12:46:26.952root 11241100x80000000000000004027558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c988dea4243050002021-12-22 12:46:26.952root 11241100x80000000000000004027559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fe77f54aa479202021-12-22 12:46:26.952root 11241100x80000000000000004027560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc94a4e4997b7562021-12-22 12:46:26.952root 11241100x80000000000000004027561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b645b1b9b5c52e902021-12-22 12:46:26.953root 11241100x80000000000000004027562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa39a02e1af113b2021-12-22 12:46:26.953root 11241100x80000000000000004027563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b2a24658a86f1b2021-12-22 12:46:26.953root 11241100x80000000000000004027564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131d9c1fc48d43802021-12-22 12:46:26.953root 11241100x80000000000000004027565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f9cdb9c949d92c2021-12-22 12:46:26.953root 11241100x80000000000000004027566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9631a4a943eb4fe72021-12-22 12:46:26.953root 11241100x80000000000000004027567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6cc9933898a31d2021-12-22 12:46:26.953root 11241100x80000000000000004027568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ba3bdd0ad0a87b2021-12-22 12:46:26.953root 11241100x80000000000000004027569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21711b3e4b3058992021-12-22 12:46:26.953root 11241100x80000000000000004027570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a42eba01e7c7f322021-12-22 12:46:26.953root 11241100x80000000000000004027571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6efbc0603edd02021-12-22 12:46:26.953root 11241100x80000000000000004027572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe790179d20cf22021-12-22 12:46:26.953root 11241100x80000000000000004027573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29720a443ddd3c02021-12-22 12:46:26.953root 11241100x80000000000000004027574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc92b26fe6ea2f2021-12-22 12:46:26.954root 11241100x80000000000000004027575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e8a97d1cf695082021-12-22 12:46:26.954root 11241100x80000000000000004027576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1799006d550621502021-12-22 12:46:26.954root 11241100x80000000000000004027577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9b26d3efb52b32021-12-22 12:46:26.954root 11241100x80000000000000004027578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ef76a48d43fd982021-12-22 12:46:26.954root 11241100x80000000000000004027579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191278639a4f1f172021-12-22 12:46:26.954root 11241100x80000000000000004027580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f880502d88c6a55c2021-12-22 12:46:26.954root 11241100x80000000000000004027581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ddfaac618eff642021-12-22 12:46:26.954root 11241100x80000000000000004027582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dc39cca2f283d92021-12-22 12:46:26.954root 11241100x80000000000000004027583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5dd2101c2a64012021-12-22 12:46:26.954root 11241100x80000000000000004027584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca635c3bed34be2021-12-22 12:46:26.954root 11241100x80000000000000004027585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db70e2c0ff5b900e2021-12-22 12:46:26.954root 11241100x80000000000000004027586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a2f1caf3542b462021-12-22 12:46:26.954root 11241100x80000000000000004027587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1d4abb32ce0f972021-12-22 12:46:26.955root 11241100x80000000000000004027588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f58d455b73311a2021-12-22 12:46:26.955root 11241100x80000000000000004027589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a26d66387ac7f62021-12-22 12:46:26.955root 11241100x80000000000000004027590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de0bfc4b10184892021-12-22 12:46:26.959root 11241100x80000000000000004027591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc0a3573be5c5512021-12-22 12:46:26.959root 11241100x80000000000000004027592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55defa8f4ea9c4052021-12-22 12:46:26.959root 11241100x80000000000000004027593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b8363a77f485692021-12-22 12:46:26.959root 11241100x80000000000000004027594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e717fe261457bf2021-12-22 12:46:26.959root 11241100x80000000000000004027595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca9cf08a492dca2021-12-22 12:46:26.960root 11241100x80000000000000004027596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1db195fa74e6e622021-12-22 12:46:26.960root 11241100x80000000000000004027597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c05012c454516b12021-12-22 12:46:26.960root 11241100x80000000000000004027598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13a4dbf987cf4012021-12-22 12:46:26.960root 11241100x80000000000000004027599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdce5da388d6d312021-12-22 12:46:26.960root 11241100x80000000000000004027600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b394543ed65203d92021-12-22 12:46:26.960root 11241100x80000000000000004027601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b724bb1ca909b2021-12-22 12:46:26.961root 11241100x80000000000000004027602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aecb3ed35951862021-12-22 12:46:26.961root 11241100x80000000000000004027603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7652027905f1db2021-12-22 12:46:26.961root 11241100x80000000000000004027604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c846b9020021532021-12-22 12:46:26.961root 11241100x80000000000000004027605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905d78b1808853e02021-12-22 12:46:26.961root 11241100x80000000000000004027606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c0910cc2ca1c82021-12-22 12:46:26.961root 11241100x80000000000000004027607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd8181d70ded6be2021-12-22 12:46:26.961root 11241100x80000000000000004027608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03604badaddd45cd2021-12-22 12:46:26.961root 11241100x80000000000000004027609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f26aa1a73a3b0a2021-12-22 12:46:26.961root 11241100x80000000000000004027610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef51d9885224c772021-12-22 12:46:26.962root 11241100x80000000000000004027611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2e6b000f8108202021-12-22 12:46:26.962root 11241100x80000000000000004027612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898f87ea4fea8d72021-12-22 12:46:26.962root 11241100x80000000000000004027613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496fb420530acd4a2021-12-22 12:46:26.962root 11241100x80000000000000004027614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296838a1192aa2622021-12-22 12:46:26.962root 11241100x80000000000000004027615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5907160ad432d2021-12-22 12:46:26.962root 11241100x80000000000000004027616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af441c66df6adc8e2021-12-22 12:46:26.962root 11241100x80000000000000004027617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cd5d31f9e90b4b2021-12-22 12:46:26.962root 11241100x80000000000000004027618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38db7c3b90feec72021-12-22 12:46:26.962root 11241100x80000000000000004027619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6177ef8e84e5c17b2021-12-22 12:46:26.962root 11241100x80000000000000004027620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d7ac90b172c1da2021-12-22 12:46:26.963root 11241100x80000000000000004027621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e699112088e3a1782021-12-22 12:46:26.963root 11241100x80000000000000004027622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be287a728ba5d3142021-12-22 12:46:26.963root 11241100x80000000000000004027623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d13064b5795caf2021-12-22 12:46:26.963root 11241100x80000000000000004027624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5cba12c8d80b932021-12-22 12:46:26.963root 11241100x80000000000000004027625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d528b7c98b0679a02021-12-22 12:46:26.963root 11241100x80000000000000004027626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a505c8b52360412021-12-22 12:46:26.963root 11241100x80000000000000004027627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2692399357fe37e2021-12-22 12:46:26.963root 11241100x80000000000000004027628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073a4b91b6ec2b212021-12-22 12:46:26.963root 11241100x80000000000000004027629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674bd814329d8d612021-12-22 12:46:26.963root 11241100x80000000000000004027630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d279bcf2e6279ac2021-12-22 12:46:26.964root 11241100x80000000000000004027631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e1580f3287cc842021-12-22 12:46:26.964root 11241100x80000000000000004027632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06b7cd4c046b472021-12-22 12:46:26.964root 11241100x80000000000000004027633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff849bab48a55492021-12-22 12:46:26.964root 11241100x80000000000000004027634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe637791a9c50ba2021-12-22 12:46:26.964root 11241100x80000000000000004027635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d662149b9c4bcee2021-12-22 12:46:26.964root 11241100x80000000000000004027636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a3a9700f56aae72021-12-22 12:46:26.964root 11241100x80000000000000004027637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f06e42a238d776d2021-12-22 12:46:26.964root 11241100x80000000000000004027638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4028dfc415b8ef2021-12-22 12:46:26.964root 11241100x80000000000000004027639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d037b762b9d07362021-12-22 12:46:26.965root 11241100x80000000000000004027640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336edfcc381f69be2021-12-22 12:46:26.965root 11241100x80000000000000004027641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f053c076ae1ca72021-12-22 12:46:26.965root 11241100x80000000000000004027642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30fb79f180296752021-12-22 12:46:26.965root 11241100x80000000000000004027643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcb0616d00f467d2021-12-22 12:46:26.965root 11241100x80000000000000004027644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03419c25affe20cf2021-12-22 12:46:26.965root 11241100x80000000000000004027645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e945ebf48fd34392021-12-22 12:46:26.965root 11241100x80000000000000004027646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196698b366f95ea62021-12-22 12:46:26.965root 11241100x80000000000000004027647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e7a9e69df51c52021-12-22 12:46:26.965root 11241100x80000000000000004027648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c485a7100dd10cf72021-12-22 12:46:26.965root 11241100x80000000000000004027649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e4150c10519f132021-12-22 12:46:26.965root 11241100x80000000000000004027650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04b4d96a74db8b72021-12-22 12:46:26.966root 11241100x80000000000000004027651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66af5e770cf5f57e2021-12-22 12:46:26.966root 11241100x80000000000000004027652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da564a2a02211ee2021-12-22 12:46:26.966root 11241100x80000000000000004027653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0605264cb204e2021-12-22 12:46:26.966root 11241100x80000000000000004027654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ebd7b99f8643982021-12-22 12:46:26.966root 11241100x80000000000000004027655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090f9e1dfd85e1f2021-12-22 12:46:26.966root 11241100x80000000000000004027656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d568d3c4a413a82021-12-22 12:46:26.967root 11241100x80000000000000004027657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eee2479714d6972021-12-22 12:46:26.967root 11241100x80000000000000004027658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa3d9257cc9566e2021-12-22 12:46:26.967root 11241100x80000000000000004027659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b56b85dc561c82021-12-22 12:46:26.967root 11241100x80000000000000004027660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67848cc8b94352572021-12-22 12:46:26.967root 11241100x80000000000000004027661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca30b52056e6e7302021-12-22 12:46:26.967root 11241100x80000000000000004027662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ecdeaf459abfa2021-12-22 12:46:26.967root 11241100x80000000000000004027663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e5d2c7dbc419e62021-12-22 12:46:26.967root 11241100x80000000000000004027664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999f8333a36f57952021-12-22 12:46:26.967root 11241100x80000000000000004027665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ae936ab696b6fe2021-12-22 12:46:26.967root 11241100x80000000000000004027666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ffa226cf6f70452021-12-22 12:46:26.968root 11241100x80000000000000004027667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2907f6276750fdb2021-12-22 12:46:26.968root 11241100x80000000000000004027668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe00ae68527a092021-12-22 12:46:26.968root 11241100x80000000000000004027669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eae21f06b9db032021-12-22 12:46:26.968root 11241100x80000000000000004027670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87c71702721ca42021-12-22 12:46:26.968root 11241100x80000000000000004027671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dd400ca3a54b5d2021-12-22 12:46:26.968root 11241100x80000000000000004027672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90bef1c4ffe27c2021-12-22 12:46:26.968root 11241100x80000000000000004027673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf1f0be529f34df2021-12-22 12:46:26.968root 11241100x80000000000000004027674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deafc8bc1045676a2021-12-22 12:46:26.968root 11241100x80000000000000004027675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd2a7decb4450fa2021-12-22 12:46:26.968root 11241100x80000000000000004027676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93943855f5598cfa2021-12-22 12:46:26.969root 11241100x80000000000000004027677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da7d9e34cbd5cd22021-12-22 12:46:26.969root 11241100x80000000000000004027678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f130f16b84348d992021-12-22 12:46:26.969root 11241100x80000000000000004027679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f59e9bed4b31872021-12-22 12:46:26.969root 11241100x80000000000000004027680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bdf807ae7b0eb02021-12-22 12:46:26.969root 11241100x80000000000000004027681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00b53ce757b6b9b2021-12-22 12:46:26.969root 11241100x80000000000000004027682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198cc9eb39a24e22021-12-22 12:46:26.969root 11241100x80000000000000004027683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d562a541856300182021-12-22 12:46:26.969root 11241100x80000000000000004027684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d09517613272172021-12-22 12:46:26.969root 11241100x80000000000000004027685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece210831050ccce2021-12-22 12:46:26.970root 11241100x80000000000000004027686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e050b0677d8752021-12-22 12:46:26.970root 11241100x80000000000000004027687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ffdaa87f971e082021-12-22 12:46:26.970root 11241100x80000000000000004027688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb95213b86a0a522021-12-22 12:46:26.970root 11241100x80000000000000004027689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b598448248aafd62021-12-22 12:46:26.970root 11241100x80000000000000004027690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726b4cd413d0999a2021-12-22 12:46:26.970root 11241100x80000000000000004027691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f99247a4efe1352021-12-22 12:46:26.970root 11241100x80000000000000004027692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63c0ca0c22c3b62021-12-22 12:46:26.970root 11241100x80000000000000004027693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb2b74e5204a98e2021-12-22 12:46:26.970root 11241100x80000000000000004027694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df68c8af5b1ad2132021-12-22 12:46:26.971root 11241100x80000000000000004027695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f83e7d7d0c714e2021-12-22 12:46:26.971root 11241100x80000000000000004027696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56272a8a63e66dd22021-12-22 12:46:26.971root 11241100x80000000000000004027697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40bf1a09c12e282021-12-22 12:46:26.971root 11241100x80000000000000004027698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d20b2a37d3e51262021-12-22 12:46:26.971root 11241100x80000000000000004027699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06ef87fdf346e902021-12-22 12:46:26.971root 11241100x80000000000000004027700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee7ce46fb22f2c2021-12-22 12:46:26.971root 11241100x80000000000000004027701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0deffd566464f752021-12-22 12:46:26.971root 11241100x80000000000000004027702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e005a7a731e4cfe2021-12-22 12:46:26.972root 11241100x80000000000000004027703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6b083ddb9c86d92021-12-22 12:46:26.972root 11241100x80000000000000004027704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617a6952119641a62021-12-22 12:46:26.972root 11241100x80000000000000004027705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf75d7f7a8a15c32021-12-22 12:46:26.972root 11241100x80000000000000004027706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935ae50a71226fa42021-12-22 12:46:26.972root 11241100x80000000000000004027707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8c777e9da81202021-12-22 12:46:26.972root 11241100x80000000000000004027708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16169dd313806862021-12-22 12:46:26.972root 11241100x80000000000000004027709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e4fccb66c76a72021-12-22 12:46:26.972root 11241100x80000000000000004027710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9008f0d135b504552021-12-22 12:46:26.973root 11241100x80000000000000004027711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadcbd3d63fed06f2021-12-22 12:46:26.973root 11241100x80000000000000004027712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1f7388e680e482021-12-22 12:46:26.973root 11241100x80000000000000004027713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4ac6f5fbc22be02021-12-22 12:46:26.973root 11241100x80000000000000004027714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185211197c273f112021-12-22 12:46:26.973root 11241100x80000000000000004027715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb83481940d501b2021-12-22 12:46:26.973root 11241100x80000000000000004027716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af25bb4fcd03fded2021-12-22 12:46:26.973root 11241100x80000000000000004027717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb94c88c045022a2021-12-22 12:46:26.973root 11241100x80000000000000004027718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d83a2f9acc0e6e2021-12-22 12:46:26.974root 11241100x80000000000000004027719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec142f6ba91c19a2021-12-22 12:46:26.974root 11241100x80000000000000004027720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e809ee4b45b34e042021-12-22 12:46:26.974root 11241100x80000000000000004027721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb73a31e04807552021-12-22 12:46:26.974root 11241100x80000000000000004027722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33de7de55d8620172021-12-22 12:46:26.974root 11241100x80000000000000004027723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52da09387119835b2021-12-22 12:46:26.974root 11241100x80000000000000004027724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1790db9bedee2fd52021-12-22 12:46:26.974root 11241100x80000000000000004027725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369b3d1428fdb4e2021-12-22 12:46:26.974root 11241100x80000000000000004027726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b07296c4a60e8c2021-12-22 12:46:26.975root 11241100x80000000000000004027727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8035872369b325cb2021-12-22 12:46:26.975root 11241100x80000000000000004027728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06290a383c05050f2021-12-22 12:46:26.975root 11241100x80000000000000004027729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d015afbf64166d2021-12-22 12:46:26.975root 11241100x80000000000000004027730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080fdae88b24b2c52021-12-22 12:46:26.975root 11241100x80000000000000004027731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6c47dbbe8a6cb2021-12-22 12:46:26.976root 11241100x80000000000000004027732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d532722c1b3e2d02021-12-22 12:46:26.976root 11241100x80000000000000004027733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cc98d5518bdf192021-12-22 12:46:26.976root 11241100x80000000000000004027734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82da388cb853e532021-12-22 12:46:26.977root 11241100x80000000000000004027735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc887096d854b292021-12-22 12:46:26.977root 11241100x80000000000000004027736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0101e83333d0ab2021-12-22 12:46:26.977root 11241100x80000000000000004027737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3749cb242cf3aa2021-12-22 12:46:26.977root 11241100x80000000000000004027738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5ad9d9ed489e62021-12-22 12:46:26.977root 11241100x80000000000000004027739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e541fb7e61ba5b332021-12-22 12:46:26.977root 11241100x80000000000000004027740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fb4fac271b2f212021-12-22 12:46:26.977root 11241100x80000000000000004027741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1950e9f9a58976182021-12-22 12:46:26.977root 11241100x80000000000000004027742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a7eaa24bd07ef82021-12-22 12:46:26.977root 11241100x80000000000000004027743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6787e07924bd91602021-12-22 12:46:26.978root 11241100x80000000000000004027744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc138b22056b542021-12-22 12:46:26.978root 11241100x80000000000000004027745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a3a01a596b35c2021-12-22 12:46:26.978root 11241100x80000000000000004027746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3e328a636892bb2021-12-22 12:46:26.978root 11241100x80000000000000004027747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859bdf84bd57f85b2021-12-22 12:46:26.978root 11241100x80000000000000004027748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4089352815069b32021-12-22 12:46:26.978root 11241100x80000000000000004027749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278ccb1327ba8d22021-12-22 12:46:26.978root 11241100x80000000000000004027750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85987a0397067a2021-12-22 12:46:26.979root 11241100x80000000000000004027751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2987b9e467516f272021-12-22 12:46:26.979root 11241100x80000000000000004027752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ae7361d6d50a3e2021-12-22 12:46:26.979root 11241100x80000000000000004027753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6399baa62e68a6f02021-12-22 12:46:26.979root 11241100x80000000000000004027754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a3165c1e4e05f2021-12-22 12:46:26.979root 11241100x80000000000000004027755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944f116b6e1e3d42021-12-22 12:46:26.979root 11241100x80000000000000004027756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a81e1b44736f682021-12-22 12:46:26.979root 11241100x80000000000000004027757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe47a8baafac17082021-12-22 12:46:26.979root 11241100x80000000000000004027758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96f2912025f329c2021-12-22 12:46:26.980root 11241100x80000000000000004027759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9402126e51baa12021-12-22 12:46:26.980root 11241100x80000000000000004027760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f92041aa4faf242021-12-22 12:46:26.980root 11241100x80000000000000004027761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9450738ad97ab9792021-12-22 12:46:26.980root 11241100x80000000000000004027762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29997a4f52f0d592021-12-22 12:46:26.980root 11241100x80000000000000004027763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28bdab89d0054ff2021-12-22 12:46:26.980root 11241100x80000000000000004027764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bf27352ec055042021-12-22 12:46:26.980root 11241100x80000000000000004027765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00973641e73254952021-12-22 12:46:26.981root 11241100x80000000000000004027766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2877dc4c2b9f5912021-12-22 12:46:26.981root 11241100x80000000000000004027767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eaf54f5e09366b2021-12-22 12:46:26.981root 11241100x80000000000000004027768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c36a9144ebaa8422021-12-22 12:46:26.981root 11241100x80000000000000004027769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f844d5c209dd9f72021-12-22 12:46:26.981root 11241100x80000000000000004027770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d406c8d31d51e612021-12-22 12:46:26.981root 11241100x80000000000000004027771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e578147415ae0abe2021-12-22 12:46:26.981root 11241100x80000000000000004027772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a17957e2cb184f22021-12-22 12:46:26.981root 11241100x80000000000000004027773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ec0bf681ad7082021-12-22 12:46:26.982root 11241100x80000000000000004027774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df07c52b931476c72021-12-22 12:46:26.982root 11241100x80000000000000004027775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9544be579cf377102021-12-22 12:46:26.982root 11241100x80000000000000004027776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f7fbcb5e01104c2021-12-22 12:46:26.982root 11241100x80000000000000004027777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd446df9098fa72b2021-12-22 12:46:26.982root 11241100x80000000000000004027778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6499a7a527667dae2021-12-22 12:46:26.982root 11241100x80000000000000004027779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4c4a38d93ab8862021-12-22 12:46:26.982root 11241100x80000000000000004027780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726506a68a42b532021-12-22 12:46:26.982root 11241100x80000000000000004027781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf0b4de7c1fe1da2021-12-22 12:46:26.982root 11241100x80000000000000004027782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b880616d54bd212021-12-22 12:46:26.982root 11241100x80000000000000004027783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6886b85e42e8ba2021-12-22 12:46:26.982root 11241100x80000000000000004027784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c2d0034e2167782021-12-22 12:46:26.983root 11241100x80000000000000004027785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce021180f54144342021-12-22 12:46:26.983root 11241100x80000000000000004027786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d374c1a93b7851bf2021-12-22 12:46:26.983root 11241100x80000000000000004027787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0477c2c47754f22021-12-22 12:46:26.983root 11241100x80000000000000004027788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc0d786c55cc0ba2021-12-22 12:46:26.983root 11241100x80000000000000004027789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78858a7c2c4746212021-12-22 12:46:26.983root 11241100x80000000000000004027790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a0679c8257667c2021-12-22 12:46:26.983root 11241100x80000000000000004027791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f5e1561152b8d2021-12-22 12:46:26.983root 11241100x80000000000000004027792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e95ef27717353602021-12-22 12:46:26.983root 11241100x80000000000000004027793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaf29217bcf7f912021-12-22 12:46:26.984root 11241100x80000000000000004027794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15e8dd984a409592021-12-22 12:46:26.984root 11241100x80000000000000004027795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007d5f5b4a6e2a8c2021-12-22 12:46:26.984root 11241100x80000000000000004027796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8cbf61dc7fcd232021-12-22 12:46:26.984root 11241100x80000000000000004027797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69885d52186bffbd2021-12-22 12:46:26.984root 11241100x80000000000000004027798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20885f7020b524572021-12-22 12:46:26.984root 11241100x80000000000000004027799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0bb4fb5849d71a2021-12-22 12:46:26.984root 11241100x80000000000000004027800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f58670e16b0ec2021-12-22 12:46:26.984root 11241100x80000000000000004027801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c1cf6b5cf0ad92021-12-22 12:46:26.984root 11241100x80000000000000004027802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a233cef9ae5fdcb2021-12-22 12:46:26.984root 11241100x80000000000000004027803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5873706682dac62021-12-22 12:46:26.984root 11241100x80000000000000004027804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0649737b4171752021-12-22 12:46:26.985root 11241100x80000000000000004027805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd1ff37a9d9045b2021-12-22 12:46:26.985root 11241100x80000000000000004027806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e118389ee41d7c8b2021-12-22 12:46:26.985root 11241100x80000000000000004027807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:26.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c163482419b8dc22021-12-22 12:46:26.985root 11241100x80000000000000004027808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b189c6eebcf92962021-12-22 12:46:27.443root 11241100x80000000000000004027809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0298ec58d0f7ccb2021-12-22 12:46:27.443root 11241100x80000000000000004027810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb426a86bab5e2432021-12-22 12:46:27.443root 11241100x80000000000000004027811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e0b4641a77a5e2021-12-22 12:46:27.443root 11241100x80000000000000004027812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3494f07baa6fe02021-12-22 12:46:27.444root 11241100x80000000000000004027813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0030531afad9ba622021-12-22 12:46:27.444root 11241100x80000000000000004027814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1052579d9a5a32021-12-22 12:46:27.444root 11241100x80000000000000004027815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff637ab28f9efdb2021-12-22 12:46:27.444root 11241100x80000000000000004027816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54eefb29c2f0f9f2021-12-22 12:46:27.444root 11241100x80000000000000004027817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d352c9e88bba92021-12-22 12:46:27.444root 11241100x80000000000000004027818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319c5da4329eeb2f2021-12-22 12:46:27.444root 11241100x80000000000000004027819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36be4696011aba92021-12-22 12:46:27.444root 11241100x80000000000000004027820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2555935047312d2021-12-22 12:46:27.444root 11241100x80000000000000004027821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceea8c7eac196bd2021-12-22 12:46:27.444root 11241100x80000000000000004027822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e9e73d1bfb36e42021-12-22 12:46:27.444root 11241100x80000000000000004027823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa7447528e589952021-12-22 12:46:27.444root 11241100x80000000000000004027824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2a62ed763826a2021-12-22 12:46:27.444root 11241100x80000000000000004027825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ce1c4920591e92021-12-22 12:46:27.444root 11241100x80000000000000004027826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6730bfc24f370df62021-12-22 12:46:27.444root 11241100x80000000000000004027827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3916e8feea985d2021-12-22 12:46:27.444root 11241100x80000000000000004027828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a0af9d328f0f8c2021-12-22 12:46:27.445root 11241100x80000000000000004027829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac24d56d390e962021-12-22 12:46:27.445root 11241100x80000000000000004027830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d76faf6758e9022021-12-22 12:46:27.445root 11241100x80000000000000004027831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b74d522de2fdf882021-12-22 12:46:27.445root 11241100x80000000000000004027832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9383d1b45226ca12021-12-22 12:46:27.445root 11241100x80000000000000004027833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5300f8c9cd717d2021-12-22 12:46:27.445root 11241100x80000000000000004027834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea6e013b0321e62021-12-22 12:46:27.445root 11241100x80000000000000004027835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033905ed4c83b302021-12-22 12:46:27.445root 11241100x80000000000000004027836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b537ce6fa0b6972021-12-22 12:46:27.445root 11241100x80000000000000004027837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f39997c7723b482021-12-22 12:46:27.445root 11241100x80000000000000004027838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94998bbbe07dda2021-12-22 12:46:27.445root 11241100x80000000000000004027839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e910a71a756043ff2021-12-22 12:46:27.445root 11241100x80000000000000004027840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4fc4f1b6e087762021-12-22 12:46:27.446root 11241100x80000000000000004027841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8fe1d60aa3eef02021-12-22 12:46:27.446root 11241100x80000000000000004027842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6600a19ec61141b2021-12-22 12:46:27.446root 11241100x80000000000000004027843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad149dde31c22fc22021-12-22 12:46:27.446root 11241100x80000000000000004027844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e26daa10af498ed2021-12-22 12:46:27.446root 11241100x80000000000000004027845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82af4d258a06592021-12-22 12:46:27.446root 11241100x80000000000000004027846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2449ae68002316d2021-12-22 12:46:27.446root 11241100x80000000000000004027847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea183eec01010b22021-12-22 12:46:27.446root 11241100x80000000000000004027848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a517d90e54b6252021-12-22 12:46:27.446root 11241100x80000000000000004027849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd648796324de2142021-12-22 12:46:27.446root 11241100x80000000000000004027850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a831748c8ded882021-12-22 12:46:27.446root 11241100x80000000000000004027851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1686cbcc7e1964972021-12-22 12:46:27.446root 11241100x80000000000000004027852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e846418c3affbb7d2021-12-22 12:46:27.446root 11241100x80000000000000004027853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ee6413f90a0402021-12-22 12:46:27.446root 11241100x80000000000000004027854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2edff5cb90edaa2021-12-22 12:46:27.446root 11241100x80000000000000004027855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b802ea30886e7d962021-12-22 12:46:27.447root 11241100x80000000000000004027856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52dbb473d8573202021-12-22 12:46:27.447root 11241100x80000000000000004027857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1f140a7f3f059f2021-12-22 12:46:27.447root 11241100x80000000000000004027858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ed40ba0cf4feb72021-12-22 12:46:27.447root 11241100x80000000000000004027859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36631d4161961fb2021-12-22 12:46:27.447root 11241100x80000000000000004027860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa487d689f0ce902021-12-22 12:46:27.447root 11241100x80000000000000004027861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95796a75fa1df9b32021-12-22 12:46:27.447root 11241100x80000000000000004027862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbcbb4a986732082021-12-22 12:46:27.447root 11241100x80000000000000004027863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e71e0ec56b80572021-12-22 12:46:27.447root 11241100x80000000000000004027864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6909d186257887c2021-12-22 12:46:27.447root 11241100x80000000000000004027865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94f7d53762d26262021-12-22 12:46:27.447root 11241100x80000000000000004027866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4c1be3679ba1622021-12-22 12:46:27.447root 11241100x80000000000000004027867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd61082d04f602132021-12-22 12:46:27.447root 11241100x80000000000000004027868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091a96e177068682021-12-22 12:46:27.448root 11241100x80000000000000004027869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adab8e42f2823cc2021-12-22 12:46:27.448root 11241100x80000000000000004027870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d631d81ac3c5f62021-12-22 12:46:27.448root 11241100x80000000000000004027871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41593e3dd3875ca22021-12-22 12:46:27.448root 11241100x80000000000000004027872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f8778b8b6596452021-12-22 12:46:27.448root 11241100x80000000000000004027873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c25767fba2d59542021-12-22 12:46:27.448root 11241100x80000000000000004027874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f9569ccc4f567c2021-12-22 12:46:27.448root 11241100x80000000000000004027875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442bcffcb4569dbb2021-12-22 12:46:27.448root 11241100x80000000000000004027876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069eb92ccaf7c4a12021-12-22 12:46:27.448root 11241100x80000000000000004027877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7c0b0e430742aa2021-12-22 12:46:27.448root 11241100x80000000000000004027878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3416b2ba76fe2322021-12-22 12:46:27.449root 11241100x80000000000000004027879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c96cfc8f7c3f0f2021-12-22 12:46:27.449root 11241100x80000000000000004027880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbe5613167819422021-12-22 12:46:27.449root 11241100x80000000000000004027881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe4e9a9af789ec42021-12-22 12:46:27.449root 11241100x80000000000000004027882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7658df2029899512021-12-22 12:46:27.449root 11241100x80000000000000004027883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d885ffbc4e10a32021-12-22 12:46:27.449root 11241100x80000000000000004027884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f1361cc27c54ab2021-12-22 12:46:27.449root 11241100x80000000000000004027885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c18e524a7da172021-12-22 12:46:27.449root 11241100x80000000000000004027886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aaa7d9345886e72021-12-22 12:46:27.449root 11241100x80000000000000004027887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598b2c514ea181582021-12-22 12:46:27.450root 11241100x80000000000000004027888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b60a83d9301a5e2021-12-22 12:46:27.450root 11241100x80000000000000004027889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09e0528e6bb2a0f2021-12-22 12:46:27.450root 11241100x80000000000000004027890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f937004f09867bc82021-12-22 12:46:27.450root 11241100x80000000000000004027891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ded431f777ed4f82021-12-22 12:46:27.450root 11241100x80000000000000004027892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad70b80313f722ba2021-12-22 12:46:27.450root 11241100x80000000000000004027893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc362a44a5a507462021-12-22 12:46:27.450root 11241100x80000000000000004027894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13236470723c99e82021-12-22 12:46:27.450root 11241100x80000000000000004027895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03a77b34f859fbb2021-12-22 12:46:27.450root 11241100x80000000000000004027896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca92a51df2aa5592021-12-22 12:46:27.450root 11241100x80000000000000004027897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb2b2183698f89a2021-12-22 12:46:27.450root 11241100x80000000000000004027898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe745a0b1b5cc22021-12-22 12:46:27.450root 11241100x80000000000000004027899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d961d505b33eed2021-12-22 12:46:27.451root 11241100x80000000000000004027900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb089a04f9f6c22a2021-12-22 12:46:27.451root 11241100x80000000000000004027901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0322b293eaea0b2021-12-22 12:46:27.451root 11241100x80000000000000004027902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35540814febd90272021-12-22 12:46:27.451root 11241100x80000000000000004027903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf05992a69744e22021-12-22 12:46:27.451root 11241100x80000000000000004027904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155b1057b2d228652021-12-22 12:46:27.451root 11241100x80000000000000004027905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734fb46b8232802d2021-12-22 12:46:27.451root 11241100x80000000000000004027906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7491d835a60cc0512021-12-22 12:46:27.451root 11241100x80000000000000004027907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c831338e7e04092021-12-22 12:46:27.451root 11241100x80000000000000004027908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16730797daabba2021-12-22 12:46:27.451root 11241100x80000000000000004027909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b41ee32c9d93fea2021-12-22 12:46:27.451root 11241100x80000000000000004027910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2463d4a7f163bd992021-12-22 12:46:27.451root 11241100x80000000000000004027911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dae6b969268fa52021-12-22 12:46:27.451root 11241100x80000000000000004027912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656cefadd10c2ef2021-12-22 12:46:27.451root 11241100x80000000000000004027913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a2a4ca289f6b192021-12-22 12:46:27.452root 11241100x80000000000000004027914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71288adce98c67b62021-12-22 12:46:27.452root 11241100x80000000000000004027915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db528a0efdc1aeb02021-12-22 12:46:27.452root 11241100x80000000000000004027916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf5440dcc4acb382021-12-22 12:46:27.452root 11241100x80000000000000004027917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f81d9c263930dbe2021-12-22 12:46:27.452root 11241100x80000000000000004027918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c6e78b698d68222021-12-22 12:46:27.452root 11241100x80000000000000004027919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1378db64dc9a63142021-12-22 12:46:27.452root 11241100x80000000000000004027920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790ef65c08ec574c2021-12-22 12:46:27.452root 11241100x80000000000000004027921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07aad346b61a292021-12-22 12:46:27.453root 11241100x80000000000000004027922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ad4e8eadea89e92021-12-22 12:46:27.453root 11241100x80000000000000004027923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2536b57349910b972021-12-22 12:46:27.453root 11241100x80000000000000004027924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc83ce783c3cf1c22021-12-22 12:46:27.453root 11241100x80000000000000004027925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db3fe2ab0d32f3e2021-12-22 12:46:27.453root 11241100x80000000000000004027926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c50da6e22826bc62021-12-22 12:46:27.453root 11241100x80000000000000004027927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bff4ab5892b5a2c2021-12-22 12:46:27.453root 11241100x80000000000000004027928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55bda32ced680cd2021-12-22 12:46:27.943root 11241100x80000000000000004027929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ec5acc70cf94b52021-12-22 12:46:27.943root 11241100x80000000000000004027930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ba85b37fd035612021-12-22 12:46:27.943root 11241100x80000000000000004027931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4628abfb2ab0ced22021-12-22 12:46:27.943root 11241100x80000000000000004027932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffa15cc5a3dfd9d2021-12-22 12:46:27.943root 11241100x80000000000000004027933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18650fe81b7da472021-12-22 12:46:27.943root 11241100x80000000000000004027934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe0b818747d7b4e2021-12-22 12:46:27.943root 11241100x80000000000000004027935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6110cc3549a4cffc2021-12-22 12:46:27.943root 11241100x80000000000000004027936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55b7651c4aba87e2021-12-22 12:46:27.943root 11241100x80000000000000004027937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fa367931f0089d2021-12-22 12:46:27.943root 11241100x80000000000000004027938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f164526919e4e152021-12-22 12:46:27.944root 11241100x80000000000000004027939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb7e1603c32231e2021-12-22 12:46:27.944root 11241100x80000000000000004027940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d63a39b03788652021-12-22 12:46:27.944root 11241100x80000000000000004027941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9456dbc68bf0e74a2021-12-22 12:46:27.944root 11241100x80000000000000004027942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e1534992cdf1ed2021-12-22 12:46:27.944root 11241100x80000000000000004027943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b34ae45db95652021-12-22 12:46:27.944root 11241100x80000000000000004027944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f411d20d8201acb92021-12-22 12:46:27.945root 11241100x80000000000000004027945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933d67ff47a7785e2021-12-22 12:46:27.945root 11241100x80000000000000004027946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326e80a93926b922021-12-22 12:46:27.945root 11241100x80000000000000004027947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c4f23155ef8f32021-12-22 12:46:27.945root 11241100x80000000000000004027948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caa1ffee12796b22021-12-22 12:46:27.945root 11241100x80000000000000004027949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697750cfc66e97942021-12-22 12:46:27.945root 11241100x80000000000000004027950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ebe2c6712eff032021-12-22 12:46:27.945root 11241100x80000000000000004027951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1e7a6db8d2384c2021-12-22 12:46:27.946root 11241100x80000000000000004027952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda62daabe2d82b02021-12-22 12:46:27.946root 11241100x80000000000000004027953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21626fab8291e6652021-12-22 12:46:27.946root 11241100x80000000000000004027954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117e0dea0d4832662021-12-22 12:46:27.946root 11241100x80000000000000004027955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a623ab579020cc2e2021-12-22 12:46:27.946root 11241100x80000000000000004027956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b6c96897bb8db2021-12-22 12:46:27.946root 11241100x80000000000000004027957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41db2a677100ec2021-12-22 12:46:27.946root 11241100x80000000000000004027958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccae5f58547676c2021-12-22 12:46:27.946root 11241100x80000000000000004027959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861054991a5f1de72021-12-22 12:46:27.947root 11241100x80000000000000004027960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f9bd5d471da39b2021-12-22 12:46:27.947root 11241100x80000000000000004027961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d4d799d5d1b5f2021-12-22 12:46:27.947root 11241100x80000000000000004027962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7d06ef24407c1b2021-12-22 12:46:27.947root 11241100x80000000000000004027963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b2a4ab4905f2752021-12-22 12:46:27.947root 11241100x80000000000000004027964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbf7783352376622021-12-22 12:46:27.948root 11241100x80000000000000004027965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ea60c9081f99a2021-12-22 12:46:27.948root 11241100x80000000000000004027966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6438dd46e540d3d2021-12-22 12:46:27.948root 11241100x80000000000000004027967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e684f527077c032021-12-22 12:46:27.948root 11241100x80000000000000004027968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82acc7b2e81abfe2021-12-22 12:46:27.948root 11241100x80000000000000004027969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2158b975c17df12021-12-22 12:46:27.948root 11241100x80000000000000004027970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9db69536e160b2021-12-22 12:46:27.948root 11241100x80000000000000004027971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e03100857428732021-12-22 12:46:27.949root 11241100x80000000000000004027972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab64ae95286593442021-12-22 12:46:27.950root 11241100x80000000000000004027973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b07f34f7ea45e862021-12-22 12:46:27.950root 11241100x80000000000000004027974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ca89e622683552021-12-22 12:46:27.951root 11241100x80000000000000004027975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de4a2fdf9d6a8f2021-12-22 12:46:27.951root 11241100x80000000000000004027976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f04d691fd3aa7d2021-12-22 12:46:27.952root 11241100x80000000000000004027977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0751f2a01732322021-12-22 12:46:27.953root 11241100x80000000000000004027978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852325eef697ff242021-12-22 12:46:27.953root 11241100x80000000000000004027979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a00b88315dc5fb2021-12-22 12:46:27.953root 11241100x80000000000000004027980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d92ecd16025f2c02021-12-22 12:46:27.954root 11241100x80000000000000004027981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a7fc3aa1cafba2021-12-22 12:46:27.954root 11241100x80000000000000004027982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc9cc3d7f0eacd32021-12-22 12:46:27.955root 11241100x80000000000000004027983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224512f503b2b19a2021-12-22 12:46:27.955root 11241100x80000000000000004027984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe6bcfecdef13b82021-12-22 12:46:27.955root 11241100x80000000000000004027985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a8c8472a83206a2021-12-22 12:46:27.955root 11241100x80000000000000004027986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dc79279804b8c02021-12-22 12:46:27.956root 11241100x80000000000000004027987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b751faf4746fb772021-12-22 12:46:27.956root 11241100x80000000000000004027988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d418381a3300e302021-12-22 12:46:27.956root 11241100x80000000000000004027989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a64e60cc1081d02021-12-22 12:46:27.957root 11241100x80000000000000004027990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03471b17bc1d24972021-12-22 12:46:27.957root 11241100x80000000000000004027991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068db491b556d65b2021-12-22 12:46:27.957root 11241100x80000000000000004027992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c050b878182508e2021-12-22 12:46:27.958root 11241100x80000000000000004027993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae297e92b2565032021-12-22 12:46:27.958root 11241100x80000000000000004027994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e570706e29ea3222021-12-22 12:46:27.958root 11241100x80000000000000004027995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203fd6fde8ac62822021-12-22 12:46:27.959root 11241100x80000000000000004027996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c771bd36da565292021-12-22 12:46:27.959root 11241100x80000000000000004027997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4593eaf4079c6a2021-12-22 12:46:27.959root 11241100x80000000000000004027998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf937b6f4405cbd82021-12-22 12:46:27.960root 11241100x80000000000000004027999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66644f1642e84232021-12-22 12:46:27.960root 11241100x80000000000000004028000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a774396e4ead4f532021-12-22 12:46:27.960root 11241100x80000000000000004028001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192630887c86dd12021-12-22 12:46:27.961root 11241100x80000000000000004028002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aaec8aea44c3892021-12-22 12:46:27.961root 11241100x80000000000000004028003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34928bd33935dd532021-12-22 12:46:27.962root 11241100x80000000000000004028004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bde1c8d3ddbd22021-12-22 12:46:27.962root 11241100x80000000000000004028005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caff70857d91f0a2021-12-22 12:46:27.962root 11241100x80000000000000004028006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bca6e43af5ec112021-12-22 12:46:27.963root 11241100x80000000000000004028007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2306037ed053aacd2021-12-22 12:46:27.963root 11241100x80000000000000004028008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64128b262c5d16852021-12-22 12:46:27.963root 11241100x80000000000000004028009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7707e7aea0bf50f92021-12-22 12:46:27.963root 11241100x80000000000000004028010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1006e0abd4e0612021-12-22 12:46:27.964root 11241100x80000000000000004028011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eddcb67641e00952021-12-22 12:46:27.964root 11241100x80000000000000004028012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bb46e53acdcb7b2021-12-22 12:46:27.964root 11241100x80000000000000004028013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43fdc6c2a9d1f252021-12-22 12:46:27.965root 11241100x80000000000000004028014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f87aa93d71e4b92021-12-22 12:46:27.965root 11241100x80000000000000004028015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e8231d1810e6c52021-12-22 12:46:27.965root 11241100x80000000000000004028016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb35362c0eca61ad2021-12-22 12:46:27.965root 11241100x80000000000000004028017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec3727fb0588782021-12-22 12:46:27.966root 11241100x80000000000000004028018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7d24dded87d2ac2021-12-22 12:46:27.966root 11241100x80000000000000004028019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d7582a4c5c2c132021-12-22 12:46:27.966root 11241100x80000000000000004028020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e25cea80a94c72021-12-22 12:46:27.966root 11241100x80000000000000004028021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0fa91ae5bcabb72021-12-22 12:46:27.966root 11241100x80000000000000004028022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766991527ee5e77d2021-12-22 12:46:27.966root 11241100x80000000000000004028023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b684e6ca7d7a38f92021-12-22 12:46:27.966root 11241100x80000000000000004028024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7e541977fa1122021-12-22 12:46:27.967root 11241100x80000000000000004028025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30ee83825cfaaca2021-12-22 12:46:27.967root 11241100x80000000000000004028026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2d16c1ce0ca2462021-12-22 12:46:27.967root 11241100x80000000000000004028027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9e0531cdaf1a1d2021-12-22 12:46:27.967root 11241100x80000000000000004028028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27260ad84655dc652021-12-22 12:46:27.967root 11241100x80000000000000004028029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b3dafe2f1915072021-12-22 12:46:27.967root 11241100x80000000000000004028030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563f8f9ef2ae37b72021-12-22 12:46:27.967root 11241100x80000000000000004028031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6700669399350f412021-12-22 12:46:27.967root 11241100x80000000000000004028032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00c54527065a0c02021-12-22 12:46:27.967root 11241100x80000000000000004028033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277bdadfc2f7f1742021-12-22 12:46:27.967root 11241100x80000000000000004028034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1cdd52df073dce2021-12-22 12:46:27.967root 11241100x80000000000000004028035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1882e74c6d9e122021-12-22 12:46:27.967root 11241100x80000000000000004028036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28e85013c48bf412021-12-22 12:46:27.967root 11241100x80000000000000004028037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1283fc629e4a9f272021-12-22 12:46:27.968root 11241100x80000000000000004028038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5164357a5f8be9e2021-12-22 12:46:27.968root 11241100x80000000000000004028039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff07f1b5a3b22272021-12-22 12:46:27.968root 11241100x80000000000000004028040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710248d47f4f034d2021-12-22 12:46:27.968root 11241100x80000000000000004028041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b480b59a583d72021-12-22 12:46:27.968root 11241100x80000000000000004028042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134b877c85aa58eb2021-12-22 12:46:27.968root 11241100x80000000000000004028043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6577b04ea2fd0ea2021-12-22 12:46:27.968root 11241100x80000000000000004028044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddc2b59b6f9c5bd2021-12-22 12:46:27.968root 11241100x80000000000000004028045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047da95402eaaffe2021-12-22 12:46:27.968root 11241100x80000000000000004028046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d7da0219bca522021-12-22 12:46:27.968root 11241100x80000000000000004028047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1931ba5d001dd3512021-12-22 12:46:27.968root 11241100x80000000000000004028048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4fd90a57a5929c2021-12-22 12:46:27.968root 11241100x80000000000000004028049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f87a138684d72cd2021-12-22 12:46:27.968root 11241100x80000000000000004028050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24caf48cdf5571722021-12-22 12:46:27.968root 11241100x80000000000000004028051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866e78d9372afbd2021-12-22 12:46:27.968root 11241100x80000000000000004028052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd85184fbcd5a12021-12-22 12:46:27.969root 11241100x80000000000000004028053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a7edc6c43683a72021-12-22 12:46:27.969root 11241100x80000000000000004028054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcedd8ba4004b5532021-12-22 12:46:27.969root 11241100x80000000000000004028055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca713f52708de62021-12-22 12:46:27.969root 11241100x80000000000000004028056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306f80a00e57d67f2021-12-22 12:46:27.969root 11241100x80000000000000004028057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7085b41bc3b08f0d2021-12-22 12:46:27.969root 11241100x80000000000000004028058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ff6c5677e0062d2021-12-22 12:46:27.971root 11241100x80000000000000004028059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08f88c210c1c4072021-12-22 12:46:27.971root 11241100x80000000000000004028060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2103372294fe3e2021-12-22 12:46:27.971root 11241100x80000000000000004028061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b15c820e7e3a9c2021-12-22 12:46:27.971root 11241100x80000000000000004028062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7112f4960e72f1862021-12-22 12:46:27.971root 11241100x80000000000000004028063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9036cb28d8b141972021-12-22 12:46:27.971root 11241100x80000000000000004028064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097584d58838ca92021-12-22 12:46:27.971root 11241100x80000000000000004028065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf3c8c4182fed22021-12-22 12:46:27.971root 11241100x80000000000000004028066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831129cb1e84169d2021-12-22 12:46:27.971root 11241100x80000000000000004028067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f78e52c157f494f2021-12-22 12:46:27.972root 11241100x80000000000000004028068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eefb42af568a4002021-12-22 12:46:27.972root 11241100x80000000000000004028069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b656cb7ba62e5312021-12-22 12:46:27.972root 11241100x80000000000000004028070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1ebc6274cbaa742021-12-22 12:46:27.972root 11241100x80000000000000004028071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb7078cd2609572021-12-22 12:46:27.972root 11241100x80000000000000004028072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4bd7229d7b42362021-12-22 12:46:27.972root 11241100x80000000000000004028073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09b3916dedf3cc12021-12-22 12:46:27.972root 11241100x80000000000000004028074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021309cd4cbf138d2021-12-22 12:46:27.972root 11241100x80000000000000004028075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4b3859fdb1e0b02021-12-22 12:46:27.972root 11241100x80000000000000004028076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee337150ce956ac2021-12-22 12:46:27.972root 11241100x80000000000000004028077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9712e6065db4f90c2021-12-22 12:46:27.972root 11241100x80000000000000004028078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc9c4ffeb0a17c72021-12-22 12:46:27.972root 11241100x80000000000000004028079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a08757541d39baf2021-12-22 12:46:27.972root 11241100x80000000000000004028080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a349c39b8c6617d2021-12-22 12:46:27.973root 11241100x80000000000000004028081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053240758506e132021-12-22 12:46:27.973root 11241100x80000000000000004028082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a24867020aa092021-12-22 12:46:27.973root 11241100x80000000000000004028083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fec71b9f7cbfd82021-12-22 12:46:27.973root 11241100x80000000000000004028084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d258e4ee4f2740072021-12-22 12:46:27.973root 11241100x80000000000000004028085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5dc28d846d4fbd2021-12-22 12:46:27.973root 11241100x80000000000000004028086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caef2b89156a2772021-12-22 12:46:27.973root 11241100x80000000000000004028087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8149e02f309f1c732021-12-22 12:46:27.973root 11241100x80000000000000004028088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7afaaf3d5822262021-12-22 12:46:27.973root 11241100x80000000000000004028089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2eadc413068312021-12-22 12:46:27.973root 11241100x80000000000000004028090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35090f66b619edad2021-12-22 12:46:27.973root 11241100x80000000000000004028091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0798cb907028dc2021-12-22 12:46:27.974root 11241100x80000000000000004028092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:27.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52cf994cb3b9a072021-12-22 12:46:27.974root 11241100x80000000000000004028093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ca4a230b58a7b82021-12-22 12:46:28.442root 11241100x80000000000000004028094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fc9962709ed5702021-12-22 12:46:28.443root 11241100x80000000000000004028095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc0bb8d7c7d1ae82021-12-22 12:46:28.443root 11241100x80000000000000004028096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d28b0255bef7a092021-12-22 12:46:28.443root 11241100x80000000000000004028097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef6a766f38b1e52021-12-22 12:46:28.443root 11241100x80000000000000004028098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39098ad05abbee2021-12-22 12:46:28.443root 11241100x80000000000000004028099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3476d830850d5462021-12-22 12:46:28.443root 11241100x80000000000000004028100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f432196d8f80802021-12-22 12:46:28.443root 11241100x80000000000000004028101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a1a3962956a072021-12-22 12:46:28.443root 11241100x80000000000000004028102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5f539d45a78fe72021-12-22 12:46:28.443root 11241100x80000000000000004028103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed3f19b2bb5cbc12021-12-22 12:46:28.444root 11241100x80000000000000004028104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213118e2fc563f92021-12-22 12:46:28.444root 11241100x80000000000000004028105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0eb1c0a21d725d2021-12-22 12:46:28.444root 11241100x80000000000000004028106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080de15f89258c8f2021-12-22 12:46:28.444root 11241100x80000000000000004028107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5515586d7e73f62021-12-22 12:46:28.444root 11241100x80000000000000004028108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9174bfcf5eb04872021-12-22 12:46:28.444root 11241100x80000000000000004028109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3f68c10363653a2021-12-22 12:46:28.444root 11241100x80000000000000004028110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70d412a4e1996702021-12-22 12:46:28.444root 11241100x80000000000000004028111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d265942d5580f3b2021-12-22 12:46:28.445root 11241100x80000000000000004028112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34540cd8035cd0202021-12-22 12:46:28.445root 11241100x80000000000000004028113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a139e9e945ad7382021-12-22 12:46:28.445root 11241100x80000000000000004028114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87261b5380097c192021-12-22 12:46:28.445root 11241100x80000000000000004028115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c4464fc713cbc62021-12-22 12:46:28.445root 11241100x80000000000000004028116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20714383ccc382332021-12-22 12:46:28.445root 11241100x80000000000000004028117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a1aa91d3bdd1be2021-12-22 12:46:28.446root 11241100x80000000000000004028118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f05b2e3b33eb942021-12-22 12:46:28.446root 11241100x80000000000000004028119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6189b8cc85135d2021-12-22 12:46:28.446root 11241100x80000000000000004028120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758e71d29efa75a2021-12-22 12:46:28.446root 11241100x80000000000000004028121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba60f31e064d82f2021-12-22 12:46:28.446root 11241100x80000000000000004028122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d7c1dcce4012612021-12-22 12:46:28.446root 11241100x80000000000000004028123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0003e2b4be26ac2021-12-22 12:46:28.446root 11241100x80000000000000004028124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9a386ef040486a2021-12-22 12:46:28.447root 11241100x80000000000000004028125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fad64abf9161072021-12-22 12:46:28.447root 11241100x80000000000000004028126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4037898e26530f02021-12-22 12:46:28.447root 11241100x80000000000000004028127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8383772eb7573f2021-12-22 12:46:28.447root 11241100x80000000000000004028128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1db20cfa779dbfc2021-12-22 12:46:28.447root 11241100x80000000000000004028129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffdbbd3c5a1fc2c2021-12-22 12:46:28.447root 11241100x80000000000000004028130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd65fb2b67788b2021-12-22 12:46:28.447root 11241100x80000000000000004028131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788085b9e049ee062021-12-22 12:46:28.447root 11241100x80000000000000004028132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fe246881231e212021-12-22 12:46:28.447root 11241100x80000000000000004028133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116fbd045450c4652021-12-22 12:46:28.448root 11241100x80000000000000004028134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4751f7052ac39b6d2021-12-22 12:46:28.448root 11241100x80000000000000004028135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9866143ecb6f25a2021-12-22 12:46:28.448root 11241100x80000000000000004028136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea79d195f1d3fcf32021-12-22 12:46:28.448root 11241100x80000000000000004028137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094979ca96c1a9052021-12-22 12:46:28.448root 11241100x80000000000000004028138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906983b43942fa442021-12-22 12:46:28.448root 11241100x80000000000000004028139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2f3d7121e9b8b62021-12-22 12:46:28.448root 11241100x80000000000000004028140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094e454b0e78ca112021-12-22 12:46:28.448root 11241100x80000000000000004028141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfb56d11fef3c1a2021-12-22 12:46:28.449root 11241100x80000000000000004028142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d09a9a3d69ed752021-12-22 12:46:28.449root 11241100x80000000000000004028143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de818dade3747be02021-12-22 12:46:28.449root 11241100x80000000000000004028144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7fbeda30a120712021-12-22 12:46:28.449root 11241100x80000000000000004028145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8108b93f5e001a22021-12-22 12:46:28.449root 11241100x80000000000000004028146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3017f82228c43e22021-12-22 12:46:28.449root 11241100x80000000000000004028147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94c65fa66db1f2f2021-12-22 12:46:28.449root 11241100x80000000000000004028148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a95cc4727961f12021-12-22 12:46:28.449root 11241100x80000000000000004028149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d588088ce9748522021-12-22 12:46:28.449root 11241100x80000000000000004028150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aacc0e3c94988e2021-12-22 12:46:28.449root 11241100x80000000000000004028151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9554f30c27bafa2021-12-22 12:46:28.449root 11241100x80000000000000004028152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b032feb2df24c2021-12-22 12:46:28.449root 11241100x80000000000000004028153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc877496b5040db82021-12-22 12:46:28.449root 11241100x80000000000000004028154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fca7d9b12c46202021-12-22 12:46:28.449root 11241100x80000000000000004028155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83dd6156eda1462021-12-22 12:46:28.450root 11241100x80000000000000004028156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82423edebba08b6c2021-12-22 12:46:28.450root 11241100x80000000000000004028157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b12ff9f9b5217852021-12-22 12:46:28.450root 11241100x80000000000000004028158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b0e873c96a6eec2021-12-22 12:46:28.450root 11241100x80000000000000004028159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0796c3895776c02021-12-22 12:46:28.450root 11241100x80000000000000004028160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1505ca931e6faa082021-12-22 12:46:28.450root 11241100x80000000000000004028161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac081913ea6a1f2021-12-22 12:46:28.450root 11241100x80000000000000004028162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67866d610798fcd02021-12-22 12:46:28.450root 11241100x80000000000000004028163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851a3b3d2950c93b2021-12-22 12:46:28.450root 11241100x80000000000000004028164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3a4834aeb572f72021-12-22 12:46:28.450root 11241100x80000000000000004028165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852e20af905b7a842021-12-22 12:46:28.450root 11241100x80000000000000004028166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d52699faf910122021-12-22 12:46:28.450root 11241100x80000000000000004028167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4577f33d8aa0729b2021-12-22 12:46:28.451root 11241100x80000000000000004028168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22d3a6227f7ccd52021-12-22 12:46:28.451root 11241100x80000000000000004028169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d251a1e4a8f7c8d32021-12-22 12:46:28.451root 11241100x80000000000000004028170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c301269166c7a682021-12-22 12:46:28.451root 11241100x80000000000000004028171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168a78048086a14a2021-12-22 12:46:28.451root 11241100x80000000000000004028172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5be758df08ec4402021-12-22 12:46:28.451root 11241100x80000000000000004028173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4f80fda61270e2021-12-22 12:46:28.451root 11241100x80000000000000004028174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82329ba64d30b542021-12-22 12:46:28.451root 11241100x80000000000000004028175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06419be35e2ebaa2021-12-22 12:46:28.451root 11241100x80000000000000004028176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229a3d1fd8eaa8d02021-12-22 12:46:28.451root 11241100x80000000000000004028177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e152024b9d7329f92021-12-22 12:46:28.451root 11241100x80000000000000004028178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34960b4c16e9838b2021-12-22 12:46:28.451root 11241100x80000000000000004028179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbda691784bc9f542021-12-22 12:46:28.451root 11241100x80000000000000004028180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b53d9551e859992021-12-22 12:46:28.452root 11241100x80000000000000004028181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c1a4bf4404f8812021-12-22 12:46:28.452root 11241100x80000000000000004028182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f62c76af45f51e2021-12-22 12:46:28.452root 11241100x80000000000000004028183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b919e42d5fb0e682021-12-22 12:46:28.452root 11241100x80000000000000004028184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aee162366271bc72021-12-22 12:46:28.452root 11241100x80000000000000004028185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1d29bf5a404e62021-12-22 12:46:28.452root 11241100x80000000000000004028186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ce34a907d398232021-12-22 12:46:28.452root 11241100x80000000000000004028187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f1af6b3be9dc292021-12-22 12:46:28.452root 11241100x80000000000000004028188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8357015cda5f617d2021-12-22 12:46:28.452root 11241100x80000000000000004028189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6b7147ce1f2522021-12-22 12:46:28.452root 11241100x80000000000000004028190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ca6ba9c706205a2021-12-22 12:46:28.452root 11241100x80000000000000004028191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f9bcad924d06892021-12-22 12:46:28.452root 11241100x80000000000000004028192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b4977b0a9733a22021-12-22 12:46:28.452root 11241100x80000000000000004028193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0d32e7320d8ef2021-12-22 12:46:28.452root 11241100x80000000000000004028194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c26afa5fa7cc6422021-12-22 12:46:28.453root 11241100x80000000000000004028195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9c6a51f522e8e2021-12-22 12:46:28.453root 11241100x80000000000000004028196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964d19f13bc7beb72021-12-22 12:46:28.453root 11241100x80000000000000004028197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5fe92fa4224512021-12-22 12:46:28.453root 11241100x80000000000000004028198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cae3e12d1a661a52021-12-22 12:46:28.453root 11241100x80000000000000004028199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb950ba6aeab9892021-12-22 12:46:28.453root 11241100x80000000000000004028200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d7c2b3f41b7f9e2021-12-22 12:46:28.453root 11241100x80000000000000004028201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9104b4d8b7ef52021-12-22 12:46:28.453root 11241100x80000000000000004028202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b341e07b2578e2021-12-22 12:46:28.453root 11241100x80000000000000004028203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8877677498af34e2021-12-22 12:46:28.453root 11241100x80000000000000004028204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77e51b5457efe6c2021-12-22 12:46:28.453root 11241100x80000000000000004028205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbc340894888f832021-12-22 12:46:28.453root 11241100x80000000000000004028206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afd532c8557fc4f2021-12-22 12:46:28.453root 11241100x80000000000000004028207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ff4dddf2ae6222021-12-22 12:46:28.453root 11241100x80000000000000004028208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa081f6a0ac07f42021-12-22 12:46:28.453root 11241100x80000000000000004028209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de26471a7cad1c2d2021-12-22 12:46:28.943root 11241100x80000000000000004028210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c8cd57833648f72021-12-22 12:46:28.943root 11241100x80000000000000004028211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef152545709f2a92021-12-22 12:46:28.943root 11241100x80000000000000004028212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c19547bae410752021-12-22 12:46:28.943root 11241100x80000000000000004028213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7522af0cc9d5952021-12-22 12:46:28.943root 11241100x80000000000000004028214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01922e7674467c32021-12-22 12:46:28.944root 11241100x80000000000000004028215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21bc207504464842021-12-22 12:46:28.944root 11241100x80000000000000004028216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86723e47adc2dfa32021-12-22 12:46:28.944root 11241100x80000000000000004028217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518cc721bfcdb3332021-12-22 12:46:28.944root 11241100x80000000000000004028218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14dfbb142144e302021-12-22 12:46:28.944root 11241100x80000000000000004028219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df4c2e058fcf612021-12-22 12:46:28.944root 11241100x80000000000000004028220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a0dd8641f53eeb2021-12-22 12:46:28.944root 11241100x80000000000000004028221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d4621cf6aa03d52021-12-22 12:46:28.944root 11241100x80000000000000004028222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b6c1070baf73e32021-12-22 12:46:28.944root 11241100x80000000000000004028223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb2f6d682fc3b602021-12-22 12:46:28.944root 11241100x80000000000000004028224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012b0ed8ec9fd9d2021-12-22 12:46:28.945root 11241100x80000000000000004028225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f1884b8729a80a2021-12-22 12:46:28.945root 11241100x80000000000000004028226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e209ff24acdf63b2021-12-22 12:46:28.945root 11241100x80000000000000004028227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a9d8413dae6e632021-12-22 12:46:28.945root 11241100x80000000000000004028228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b688c7d88477b35b2021-12-22 12:46:28.945root 11241100x80000000000000004028229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d7ae8c38e1c292021-12-22 12:46:28.945root 11241100x80000000000000004028230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbb35e3190d24d52021-12-22 12:46:28.945root 11241100x80000000000000004028231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3a5ed4f449903e2021-12-22 12:46:28.945root 11241100x80000000000000004028232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc6036cafaf77e52021-12-22 12:46:28.945root 11241100x80000000000000004028233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a8ffbaf6db84e92021-12-22 12:46:28.945root 11241100x80000000000000004028234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5838e034ce124c842021-12-22 12:46:28.945root 11241100x80000000000000004028235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7907abc5ebe322021-12-22 12:46:28.946root 11241100x80000000000000004028236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc5dfa0475ea3c2021-12-22 12:46:28.946root 11241100x80000000000000004028237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2a079ff698f8cd2021-12-22 12:46:28.946root 11241100x80000000000000004028238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75ce63d2e2fb6522021-12-22 12:46:28.946root 11241100x80000000000000004028239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88d9249ce2c2be52021-12-22 12:46:28.946root 11241100x80000000000000004028240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3972a0f52aa94a2021-12-22 12:46:28.946root 11241100x80000000000000004028241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b6b05792a6177c2021-12-22 12:46:28.946root 11241100x80000000000000004028242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279e13257981cccd2021-12-22 12:46:28.946root 11241100x80000000000000004028243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6808f023ba9e5842021-12-22 12:46:28.946root 11241100x80000000000000004028244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7730aa71c6299d2021-12-22 12:46:28.946root 11241100x80000000000000004028245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94143e8c887dfa492021-12-22 12:46:28.947root 11241100x80000000000000004028246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1961f746005307eb2021-12-22 12:46:28.947root 11241100x80000000000000004028247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ea6add62dc3f7e2021-12-22 12:46:28.947root 11241100x80000000000000004028248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121c271bb39dcfb2021-12-22 12:46:28.947root 11241100x80000000000000004028249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638db4208b76513a2021-12-22 12:46:28.947root 11241100x80000000000000004028250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699e16cd66d8561b2021-12-22 12:46:28.947root 11241100x80000000000000004028251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d3ed0a64b73f9d2021-12-22 12:46:28.947root 11241100x80000000000000004028252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644a2725aeda45c2021-12-22 12:46:28.947root 11241100x80000000000000004028253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f1faac904f89792021-12-22 12:46:28.947root 11241100x80000000000000004028254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afda631ab9d27fe2021-12-22 12:46:28.947root 11241100x80000000000000004028255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238f42db383daccc2021-12-22 12:46:28.947root 11241100x80000000000000004028256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3aa31498237a1f2021-12-22 12:46:28.948root 11241100x80000000000000004028257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f0b8ad443350812021-12-22 12:46:28.948root 11241100x80000000000000004028258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8711706f6ff5862021-12-22 12:46:28.948root 11241100x80000000000000004028259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390f25d07d9b14582021-12-22 12:46:28.948root 11241100x80000000000000004028260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783de2e8c6ba4d1a2021-12-22 12:46:28.949root 11241100x80000000000000004028261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569f4e8108032b82021-12-22 12:46:28.949root 11241100x80000000000000004028262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0fa13dd4803862021-12-22 12:46:28.949root 11241100x80000000000000004028263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b23a8183a8450e22021-12-22 12:46:28.949root 11241100x80000000000000004028264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc68d532ca633c482021-12-22 12:46:28.949root 11241100x80000000000000004028265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e3ce4cfe5583c32021-12-22 12:46:28.949root 11241100x80000000000000004028266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a83e64b94d54b12021-12-22 12:46:28.950root 11241100x80000000000000004028267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b83a1338190b9d32021-12-22 12:46:28.950root 11241100x80000000000000004028268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e08cfe8e95e38c2021-12-22 12:46:28.950root 11241100x80000000000000004028269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9edcd9d668f1312021-12-22 12:46:28.950root 11241100x80000000000000004028270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc70a7c24e95c9842021-12-22 12:46:28.950root 11241100x80000000000000004028271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1d9bd37d3c852b2021-12-22 12:46:28.950root 11241100x80000000000000004028272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e71306497f2c95f2021-12-22 12:46:28.950root 11241100x80000000000000004028273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac17abc1da9f0e2021-12-22 12:46:28.950root 354300x80000000000000004028274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.049{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56886-false10.0.1.12-8000- 11241100x80000000000000004028275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a50282202c1acf52021-12-22 12:46:29.443root 11241100x80000000000000004028276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba41649c33ade322021-12-22 12:46:29.443root 11241100x80000000000000004028277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c0d1d10f5e6c52021-12-22 12:46:29.443root 11241100x80000000000000004028278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9b025e8dc1771b2021-12-22 12:46:29.443root 11241100x80000000000000004028279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f276e2c1742912021-12-22 12:46:29.444root 11241100x80000000000000004028280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1db9e109a9509ba2021-12-22 12:46:29.444root 11241100x80000000000000004028281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eda9d2a4d9e8a82021-12-22 12:46:29.444root 11241100x80000000000000004028282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6202815160dd81592021-12-22 12:46:29.444root 11241100x80000000000000004028283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bd518e620d84142021-12-22 12:46:29.444root 11241100x80000000000000004028284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e428e6e7c3c9536d2021-12-22 12:46:29.444root 11241100x80000000000000004028285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337932bf59b211e2021-12-22 12:46:29.444root 11241100x80000000000000004028286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9683520d409072021-12-22 12:46:29.444root 11241100x80000000000000004028287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415560853b24ceed2021-12-22 12:46:29.444root 11241100x80000000000000004028288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665450500b5d81612021-12-22 12:46:29.444root 11241100x80000000000000004028289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2bec1dbe42f1eb2021-12-22 12:46:29.444root 11241100x80000000000000004028290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11d22099d38ee932021-12-22 12:46:29.444root 11241100x80000000000000004028291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d5564210d555b32021-12-22 12:46:29.444root 11241100x80000000000000004028292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c651bc537665af2021-12-22 12:46:29.444root 11241100x80000000000000004028293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd0229db4052592021-12-22 12:46:29.445root 11241100x80000000000000004028294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb6cacae76dc07c2021-12-22 12:46:29.445root 11241100x80000000000000004028295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ccc9cb02cf702d2021-12-22 12:46:29.445root 11241100x80000000000000004028296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a6d6332d07f922021-12-22 12:46:29.445root 11241100x80000000000000004028297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f281625388ef9062021-12-22 12:46:29.445root 11241100x80000000000000004028298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b563a4e846fa8d9d2021-12-22 12:46:29.445root 11241100x80000000000000004028299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44432101f44ec9562021-12-22 12:46:29.446root 11241100x80000000000000004028300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d8c4f3fc7ee0e2021-12-22 12:46:29.446root 11241100x80000000000000004028301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959bd1c762436f302021-12-22 12:46:29.446root 11241100x80000000000000004028302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d375bd18e955942021-12-22 12:46:29.447root 11241100x80000000000000004028303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d241a805a99be0472021-12-22 12:46:29.447root 11241100x80000000000000004028304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06162711a83c305f2021-12-22 12:46:29.447root 11241100x80000000000000004028305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142ad4d8e41ff7f2021-12-22 12:46:29.447root 11241100x80000000000000004028306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b037df9162c4e1742021-12-22 12:46:29.448root 11241100x80000000000000004028307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b076ec00a7e67192021-12-22 12:46:29.448root 11241100x80000000000000004028308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8824e0192374be9e2021-12-22 12:46:29.448root 11241100x80000000000000004028309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c3b94f0c89286f2021-12-22 12:46:29.448root 11241100x80000000000000004028310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c51b467c4dccda2021-12-22 12:46:29.448root 11241100x80000000000000004028311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dbc35e14381e192021-12-22 12:46:29.448root 11241100x80000000000000004028312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4266a1e65fb2422021-12-22 12:46:29.448root 11241100x80000000000000004028313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57ad0e5fdd791b02021-12-22 12:46:29.448root 11241100x80000000000000004028314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dd32fba59ceb752021-12-22 12:46:29.448root 11241100x80000000000000004028315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512ee5509bd4aa002021-12-22 12:46:29.449root 11241100x80000000000000004028316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f2fbfa5dfc4c562021-12-22 12:46:29.449root 11241100x80000000000000004028317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16bd00287d9fc872021-12-22 12:46:29.449root 11241100x80000000000000004028318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc447d3274785f572021-12-22 12:46:29.449root 11241100x80000000000000004028319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f355758873dbaa2021-12-22 12:46:29.449root 11241100x80000000000000004028320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9663134aaae65e2021-12-22 12:46:29.449root 11241100x80000000000000004028321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f20141f7d96442021-12-22 12:46:29.449root 11241100x80000000000000004028322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eebe01645e6c7d2021-12-22 12:46:29.450root 11241100x80000000000000004028323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83db3b93363c98b72021-12-22 12:46:29.450root 11241100x80000000000000004028324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecef3a6107da7dca2021-12-22 12:46:29.450root 11241100x80000000000000004028325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46643bd493d4e73b2021-12-22 12:46:29.451root 11241100x80000000000000004028326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479222104e1c56742021-12-22 12:46:29.451root 11241100x80000000000000004028327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8037fd9df0d8b83f2021-12-22 12:46:29.451root 11241100x80000000000000004028328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6828ad79183eb32021-12-22 12:46:29.452root 11241100x80000000000000004028329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbda86f8b06f4a2021-12-22 12:46:29.452root 11241100x80000000000000004028330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a34ee0a3bd9c98b2021-12-22 12:46:29.452root 11241100x80000000000000004028331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a119afd9201baa1a2021-12-22 12:46:29.452root 11241100x80000000000000004028332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a18e348132d6f832021-12-22 12:46:29.453root 11241100x80000000000000004028333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca2799112459b442021-12-22 12:46:29.453root 11241100x80000000000000004028334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb15127ebbc41b52021-12-22 12:46:29.943root 11241100x80000000000000004028335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa50a83e67a1a44e2021-12-22 12:46:29.943root 11241100x80000000000000004028336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384144d7f238ce762021-12-22 12:46:29.943root 11241100x80000000000000004028337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41ad7596d9a67122021-12-22 12:46:29.944root 11241100x80000000000000004028338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77effa31c6c79cc32021-12-22 12:46:29.944root 11241100x80000000000000004028339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51533d7100b52c8a2021-12-22 12:46:29.944root 11241100x80000000000000004028340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3270c42afdd594772021-12-22 12:46:29.944root 11241100x80000000000000004028341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f073604787210e82021-12-22 12:46:29.944root 11241100x80000000000000004028342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac3a527e7457fa82021-12-22 12:46:29.944root 11241100x80000000000000004028343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6fe97e7e61e4d82021-12-22 12:46:29.944root 11241100x80000000000000004028344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc58f346fee055ab2021-12-22 12:46:29.944root 11241100x80000000000000004028345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e3c58246d52a532021-12-22 12:46:29.944root 11241100x80000000000000004028346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f89760bba30da62021-12-22 12:46:29.944root 11241100x80000000000000004028347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13ebe55604d07102021-12-22 12:46:29.945root 11241100x80000000000000004028348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d12fa7ed2c7caf2021-12-22 12:46:29.945root 11241100x80000000000000004028349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2bfd67479fb02a2021-12-22 12:46:29.945root 11241100x80000000000000004028350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4daa786c5da3bd2021-12-22 12:46:29.945root 11241100x80000000000000004028351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e81ba469c9dedc2021-12-22 12:46:29.945root 11241100x80000000000000004028352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69750f7ecece2f7c2021-12-22 12:46:29.945root 11241100x80000000000000004028353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea67d11b7aecd7b72021-12-22 12:46:29.945root 11241100x80000000000000004028354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b18b1888e4fd8d32021-12-22 12:46:29.945root 11241100x80000000000000004028355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08932a9452dbe5d2021-12-22 12:46:29.945root 11241100x80000000000000004028356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f7fc4ba445d4c2021-12-22 12:46:29.945root 11241100x80000000000000004028357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf092aba065655a2021-12-22 12:46:29.946root 11241100x80000000000000004028358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba6ee59709ccb102021-12-22 12:46:29.946root 11241100x80000000000000004028359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8810ef3e1461ff22021-12-22 12:46:29.946root 11241100x80000000000000004028360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d65ddabd9b93582021-12-22 12:46:29.946root 11241100x80000000000000004028361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8540ac70724b4862021-12-22 12:46:29.946root 11241100x80000000000000004028362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f476c959bf9d2e2021-12-22 12:46:29.946root 11241100x80000000000000004028363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099b7ff3a6e2a5062021-12-22 12:46:29.947root 11241100x80000000000000004028364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9720b63cc1c252021-12-22 12:46:29.947root 11241100x80000000000000004028365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6078838e7864112021-12-22 12:46:29.947root 11241100x80000000000000004028366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e815d96e70949bf2021-12-22 12:46:29.947root 11241100x80000000000000004028367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c46237f80cafd82021-12-22 12:46:29.947root 11241100x80000000000000004028368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547d0c22cf0a2c9c2021-12-22 12:46:29.947root 11241100x80000000000000004028369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41e61872824408c2021-12-22 12:46:29.947root 11241100x80000000000000004028370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe984b62d216f792021-12-22 12:46:29.947root 11241100x80000000000000004028371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2705539233ec52922021-12-22 12:46:29.947root 11241100x80000000000000004028372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20dd78823fcc2a2021-12-22 12:46:29.947root 11241100x80000000000000004028373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec15edbcf7c2412021-12-22 12:46:29.948root 11241100x80000000000000004028374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e2ffa8316ec2562021-12-22 12:46:29.948root 11241100x80000000000000004028375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541bcbaa20e449bf2021-12-22 12:46:29.948root 11241100x80000000000000004028376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0757eb6a3a570d622021-12-22 12:46:29.948root 11241100x80000000000000004028377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf116826bb87dcc2021-12-22 12:46:29.948root 11241100x80000000000000004028378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cb80135329af682021-12-22 12:46:29.948root 11241100x80000000000000004028379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6372d2f25f25682021-12-22 12:46:29.948root 11241100x80000000000000004028380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80266cbfdb6d6d702021-12-22 12:46:29.948root 11241100x80000000000000004028381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c5a4657f153f9e2021-12-22 12:46:29.949root 11241100x80000000000000004028382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5692ace753c851792021-12-22 12:46:29.949root 11241100x80000000000000004028383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1793852e244115bd2021-12-22 12:46:29.949root 11241100x80000000000000004028384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92fd018dcbb0c412021-12-22 12:46:29.949root 11241100x80000000000000004028385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d7ab957d983d632021-12-22 12:46:29.949root 11241100x80000000000000004028386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc92f22fe28a3fe12021-12-22 12:46:29.949root 11241100x80000000000000004028387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942270ca7c54b6ae2021-12-22 12:46:29.950root 11241100x80000000000000004028388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fda6b813a0ca19c2021-12-22 12:46:29.950root 11241100x80000000000000004028389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732d478de0cef80d2021-12-22 12:46:29.950root 11241100x80000000000000004028390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16e3f4108f95fe2021-12-22 12:46:29.950root 11241100x80000000000000004028391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225655a1c1882b962021-12-22 12:46:29.950root 11241100x80000000000000004028392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b230040e8d7d8d2021-12-22 12:46:29.950root 11241100x80000000000000004028393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dbe9b59f54483d2021-12-22 12:46:29.950root 11241100x80000000000000004028394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f89f37742f2ec0a2021-12-22 12:46:29.950root 11241100x80000000000000004028395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfe3fadd317d4172021-12-22 12:46:29.950root 11241100x80000000000000004028396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f633ec1dd64fcbdb2021-12-22 12:46:29.950root 11241100x80000000000000004028397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5f967678a018072021-12-22 12:46:30.443root 11241100x80000000000000004028398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561d6ed17e822552021-12-22 12:46:30.443root 11241100x80000000000000004028399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6cb37cf3659cf52021-12-22 12:46:30.443root 11241100x80000000000000004028400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16884824ac2a4e902021-12-22 12:46:30.443root 11241100x80000000000000004028401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8d417e5949e9a2021-12-22 12:46:30.444root 11241100x80000000000000004028402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e777785a278372021-12-22 12:46:30.444root 11241100x80000000000000004028403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472d13722fcc959c2021-12-22 12:46:30.444root 11241100x80000000000000004028404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4d3ea309747792021-12-22 12:46:30.444root 11241100x80000000000000004028405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae103e703001772021-12-22 12:46:30.444root 11241100x80000000000000004028406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7265650f92640302021-12-22 12:46:30.444root 11241100x80000000000000004028407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44b2f64db11b1162021-12-22 12:46:30.444root 11241100x80000000000000004028408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05622f4ac1117c72021-12-22 12:46:30.444root 11241100x80000000000000004028409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d26b3b735c858ef2021-12-22 12:46:30.444root 11241100x80000000000000004028410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac7bf1900c5098a2021-12-22 12:46:30.444root 11241100x80000000000000004028411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235bf196b10bcea2021-12-22 12:46:30.444root 11241100x80000000000000004028412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1f69a8bd8dea22021-12-22 12:46:30.444root 11241100x80000000000000004028413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e5d4eac818b57b2021-12-22 12:46:30.444root 11241100x80000000000000004028414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3585d81106eb2d622021-12-22 12:46:30.444root 11241100x80000000000000004028415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134673ad72d9b6f62021-12-22 12:46:30.445root 11241100x80000000000000004028416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef64f7f28946cc2021-12-22 12:46:30.445root 11241100x80000000000000004028417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b41b5b2fd9975f2021-12-22 12:46:30.445root 11241100x80000000000000004028418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a3eac6c50d4212021-12-22 12:46:30.445root 11241100x80000000000000004028419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38420382650e14ae2021-12-22 12:46:30.445root 11241100x80000000000000004028420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535064028a25c73d2021-12-22 12:46:30.445root 11241100x80000000000000004028421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd24736892372212021-12-22 12:46:30.445root 11241100x80000000000000004028422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f8f5df1bee17662021-12-22 12:46:30.445root 11241100x80000000000000004028423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b40988b9442483d2021-12-22 12:46:30.445root 11241100x80000000000000004028424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028005aee82014382021-12-22 12:46:30.445root 11241100x80000000000000004028425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d677418e9fcb0872021-12-22 12:46:30.446root 11241100x80000000000000004028426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d330269bc5da363b2021-12-22 12:46:30.446root 11241100x80000000000000004028427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b5eaf97432f502021-12-22 12:46:30.446root 11241100x80000000000000004028428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df61ea9d23bfde9e2021-12-22 12:46:30.446root 11241100x80000000000000004028429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6659a8ea05637a2021-12-22 12:46:30.447root 11241100x80000000000000004028430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ce51fe933e732e2021-12-22 12:46:30.447root 11241100x80000000000000004028431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d63cdc9988f2762021-12-22 12:46:30.447root 11241100x80000000000000004028432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73f5d83f00981e2021-12-22 12:46:30.448root 11241100x80000000000000004028433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9446ecf14a65c8752021-12-22 12:46:30.448root 11241100x80000000000000004028434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aeec9543b41fc82021-12-22 12:46:30.448root 11241100x80000000000000004028435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fc5bb81a1c05d62021-12-22 12:46:30.449root 11241100x80000000000000004028436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e0af8b196fd6332021-12-22 12:46:30.449root 11241100x80000000000000004028437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1866c8104eb11dc2021-12-22 12:46:30.449root 154100x80000000000000004028438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.449{ec2b6afe-1e26-61c3-6894-3cfa11560000}22729/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004028439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2b8eaa234a288d2021-12-22 12:46:30.449root 11241100x80000000000000004028440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5e23cdd34a90072021-12-22 12:46:30.450root 11241100x80000000000000004028441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e2b744c9b6f3eb2021-12-22 12:46:30.450root 11241100x80000000000000004028442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55abd3628737eea2021-12-22 12:46:30.450root 11241100x80000000000000004028443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a5f2e7335837462021-12-22 12:46:30.451root 11241100x80000000000000004028444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82ca04b1f9983cb2021-12-22 12:46:30.452root 11241100x80000000000000004028445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bff2b19ee839c22021-12-22 12:46:30.452root 11241100x80000000000000004028446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c024abec4170f2021-12-22 12:46:30.452root 11241100x80000000000000004028447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e491053c51e8ed2021-12-22 12:46:30.452root 11241100x80000000000000004028448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4ef8d93d4c351b2021-12-22 12:46:30.452root 11241100x80000000000000004028449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473bc83f29fbe6252021-12-22 12:46:30.452root 11241100x80000000000000004028450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e362596afd4d45a92021-12-22 12:46:30.452root 11241100x80000000000000004028451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9fb7d524a0c7c02021-12-22 12:46:30.452root 11241100x80000000000000004028452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a19f35fbb979782021-12-22 12:46:30.452root 11241100x80000000000000004028453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad55e7c3c35d552021-12-22 12:46:30.452root 11241100x80000000000000004028454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3858337982532e2021-12-22 12:46:30.453root 11241100x80000000000000004028455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068702789165be892021-12-22 12:46:30.453root 11241100x80000000000000004028456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2a3b2547ad60502021-12-22 12:46:30.453root 11241100x80000000000000004028457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce19637a86f68e812021-12-22 12:46:30.453root 11241100x80000000000000004028458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c615c7cbb97912021-12-22 12:46:30.453root 11241100x80000000000000004028459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35447319886b4cd2021-12-22 12:46:30.453root 11241100x80000000000000004028460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b8b0a3a7307fb92021-12-22 12:46:30.453root 11241100x80000000000000004028461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2234ca2310e0f7292021-12-22 12:46:30.454root 11241100x80000000000000004028462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86c8edc6369673d2021-12-22 12:46:30.454root 11241100x80000000000000004028463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae19e3a55b1ecd32021-12-22 12:46:30.454root 11241100x80000000000000004028464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26cf53857c2ec1c2021-12-22 12:46:30.454root 11241100x80000000000000004028465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b451f1d144c49302021-12-22 12:46:30.454root 11241100x80000000000000004028466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d6c0e2477eff52021-12-22 12:46:30.454root 11241100x80000000000000004028467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17318865cc0f5f12021-12-22 12:46:30.454root 11241100x80000000000000004028468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe82d5360779b282021-12-22 12:46:30.454root 11241100x80000000000000004028469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0163cdb6ac0f214b2021-12-22 12:46:30.455root 11241100x80000000000000004028470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6335896c37037792021-12-22 12:46:30.455root 11241100x80000000000000004028471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257ad15af53573c2021-12-22 12:46:30.455root 11241100x80000000000000004028472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b465ea5ac643b3f32021-12-22 12:46:30.455root 11241100x80000000000000004028473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9d9ce1a4005a812021-12-22 12:46:30.455root 11241100x80000000000000004028474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13043476d25992952021-12-22 12:46:30.455root 11241100x80000000000000004028475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccb52380e094bb02021-12-22 12:46:30.455root 11241100x80000000000000004028476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f7925b951bb4912021-12-22 12:46:30.455root 11241100x80000000000000004028477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a1960bd6b59612021-12-22 12:46:30.455root 11241100x80000000000000004028478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb35c5f4f676aee2021-12-22 12:46:30.455root 11241100x80000000000000004028479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7650e8d243dd837f2021-12-22 12:46:30.455root 11241100x80000000000000004028480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ead81bfd72a1f22021-12-22 12:46:30.456root 11241100x80000000000000004028481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dede08bd9b19f72021-12-22 12:46:30.456root 11241100x80000000000000004028482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a9d6e428d416e52021-12-22 12:46:30.456root 11241100x80000000000000004028483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5611fbde905c50d32021-12-22 12:46:30.456root 11241100x80000000000000004028484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da60709ef090fc722021-12-22 12:46:30.456root 11241100x80000000000000004028485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c30053853e5e62021-12-22 12:46:30.456root 11241100x80000000000000004028486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ddab4d67719a52021-12-22 12:46:30.456root 11241100x80000000000000004028487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bae7d7474e190292021-12-22 12:46:30.457root 11241100x80000000000000004028488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e948efbed62b2bbd2021-12-22 12:46:30.457root 11241100x80000000000000004028489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ce9ca433340cb2021-12-22 12:46:30.457root 11241100x80000000000000004028490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93cb0197988a222021-12-22 12:46:30.457root 11241100x80000000000000004028491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bac74291d06f7782021-12-22 12:46:30.457root 11241100x80000000000000004028492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab63403ef839f0e2021-12-22 12:46:30.458root 11241100x80000000000000004028493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7ad2ee68dcb4a92021-12-22 12:46:30.458root 11241100x80000000000000004028494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f4383b641102912021-12-22 12:46:30.458root 11241100x80000000000000004028495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633565ba91c131cd2021-12-22 12:46:30.458root 11241100x80000000000000004028496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc9978bbc4967fe2021-12-22 12:46:30.458root 11241100x80000000000000004028497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672603e511607b92021-12-22 12:46:30.458root 11241100x80000000000000004028498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a821408a1324bd122021-12-22 12:46:30.458root 11241100x80000000000000004028499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2924569cbea42f9d2021-12-22 12:46:30.458root 11241100x80000000000000004028500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a507dcb0499932021-12-22 12:46:30.458root 11241100x80000000000000004028501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c9779349069fb62021-12-22 12:46:30.459root 11241100x80000000000000004028502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b144418306556e2d2021-12-22 12:46:30.459root 11241100x80000000000000004028503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5cbddf938dd9e2021-12-22 12:46:30.459root 11241100x80000000000000004028504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586953dd6e951d5c2021-12-22 12:46:30.459root 11241100x80000000000000004028505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed6aed6b2cfb6f2021-12-22 12:46:30.459root 11241100x80000000000000004028506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b25f10cb83f841d2021-12-22 12:46:30.459root 11241100x80000000000000004028507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b46bf736ca6042021-12-22 12:46:30.459root 11241100x80000000000000004028508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a309af379947b212021-12-22 12:46:30.459root 11241100x80000000000000004028509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb7b319f497ee262021-12-22 12:46:30.460root 11241100x80000000000000004028510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cb59ac7398995a2021-12-22 12:46:30.460root 11241100x80000000000000004028511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e299d5967ce6ec9b2021-12-22 12:46:30.460root 11241100x80000000000000004028512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0d1fe444e855b2021-12-22 12:46:30.460root 11241100x80000000000000004028513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e166b0a0b73decee2021-12-22 12:46:30.460root 11241100x80000000000000004028514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dadac38396a35e2021-12-22 12:46:30.460root 11241100x80000000000000004028515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836a549766c7ca5d2021-12-22 12:46:30.460root 11241100x80000000000000004028516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335f6953186f69de2021-12-22 12:46:30.460root 11241100x80000000000000004028517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487e3f5e97cf7dca2021-12-22 12:46:30.461root 11241100x80000000000000004028518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723b8f798a4ee9fc2021-12-22 12:46:30.461root 11241100x80000000000000004028519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713568d3f1b775ed2021-12-22 12:46:30.461root 11241100x80000000000000004028520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c55de5aebedad2021-12-22 12:46:30.461root 11241100x80000000000000004028521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf2b43c252fc29b2021-12-22 12:46:30.461root 11241100x80000000000000004028522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11f5c6c77d84f4c2021-12-22 12:46:30.461root 11241100x80000000000000004028523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0190fc00bc3d1402021-12-22 12:46:30.461root 11241100x80000000000000004028524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f1bc09729ae9952021-12-22 12:46:30.461root 11241100x80000000000000004028525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7d921bcbab8c22021-12-22 12:46:30.461root 11241100x80000000000000004028526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d24d561674f342021-12-22 12:46:30.462root 11241100x80000000000000004028527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd3ae6464ab72d2021-12-22 12:46:30.462root 11241100x80000000000000004028528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da15a499ce4793d22021-12-22 12:46:30.462root 11241100x80000000000000004028529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028e883eee647ffa2021-12-22 12:46:30.462root 11241100x80000000000000004028530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9533e048a6f858cf2021-12-22 12:46:30.462root 11241100x80000000000000004028531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e02c8f6f677dc2021-12-22 12:46:30.462root 11241100x80000000000000004028532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f6ed3836f79c412021-12-22 12:46:30.462root 534500x80000000000000004028533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-1e26-61c3-6894-3cfa11560000}22729/bin/psroot 11241100x80000000000000004028534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffcb8df6aaa6feb2021-12-22 12:46:30.462root 11241100x80000000000000004028535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04a98a2da609632021-12-22 12:46:30.462root 11241100x80000000000000004028536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f530a417d8a72622021-12-22 12:46:30.463root 11241100x80000000000000004028537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592685045ecf6632021-12-22 12:46:30.463root 11241100x80000000000000004028538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6c77f90f85f4132021-12-22 12:46:30.463root 11241100x80000000000000004028539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e93e0f199668e02021-12-22 12:46:30.463root 11241100x80000000000000004028540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec27285d777070d2021-12-22 12:46:30.463root 11241100x80000000000000004028541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59fc8ff5cf3f6642021-12-22 12:46:30.464root 11241100x80000000000000004028542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749f0d3f3e333c712021-12-22 12:46:30.464root 11241100x80000000000000004028543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4844fbfa4a88732021-12-22 12:46:30.464root 11241100x80000000000000004028544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e15e5aced87ad882021-12-22 12:46:30.464root 11241100x80000000000000004028545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0226be39f9e5c62021-12-22 12:46:30.464root 11241100x80000000000000004028546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0978ba54e3e16b2021-12-22 12:46:30.464root 11241100x80000000000000004028547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccbebe8818737342021-12-22 12:46:30.464root 11241100x80000000000000004028548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1986bab882caf7b2021-12-22 12:46:30.464root 11241100x80000000000000004028549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168c0f9ed42e53172021-12-22 12:46:30.464root 11241100x80000000000000004028550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe3fe51b8fa4d642021-12-22 12:46:30.465root 11241100x80000000000000004028551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ff4d5fb64df4e2021-12-22 12:46:30.465root 11241100x80000000000000004028552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196629cb33c8b7a92021-12-22 12:46:30.465root 11241100x80000000000000004028553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b1ae4a927650662021-12-22 12:46:30.465root 11241100x80000000000000004028554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad8a5df0d0360ff2021-12-22 12:46:30.465root 11241100x80000000000000004028555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ececd411a5d282021-12-22 12:46:30.465root 11241100x80000000000000004028556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15b7d905828ba312021-12-22 12:46:30.466root 11241100x80000000000000004028557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db3d214ccb39ad2021-12-22 12:46:30.466root 11241100x80000000000000004028558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44954e106aac579b2021-12-22 12:46:30.466root 11241100x80000000000000004028559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fdbf2be308b1a92021-12-22 12:46:30.466root 11241100x80000000000000004028560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603af2604fc0ea82021-12-22 12:46:30.466root 11241100x80000000000000004028561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e30cd21e549fb62021-12-22 12:46:30.466root 11241100x80000000000000004028562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf9a460aa0faaa72021-12-22 12:46:30.466root 11241100x80000000000000004028563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a60e02c021067c22021-12-22 12:46:30.466root 11241100x80000000000000004028564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e2b39a8a7e1672021-12-22 12:46:30.467root 11241100x80000000000000004028565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea2a76e69b73602021-12-22 12:46:30.467root 11241100x80000000000000004028566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6e1490864be5f2021-12-22 12:46:30.467root 11241100x80000000000000004028567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4bfa5634ff15042021-12-22 12:46:30.467root 11241100x80000000000000004028568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68cd6317033f3b72021-12-22 12:46:30.467root 11241100x80000000000000004028569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c667a2eec05c942021-12-22 12:46:30.467root 11241100x80000000000000004028570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109534b9375edc9c2021-12-22 12:46:30.467root 11241100x80000000000000004028571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f924777d412f002021-12-22 12:46:30.467root 11241100x80000000000000004028572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf24fd00002c85f2021-12-22 12:46:30.468root 11241100x80000000000000004028573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a20907a89d01e262021-12-22 12:46:30.468root 11241100x80000000000000004028574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaecb687066ffce2021-12-22 12:46:30.468root 11241100x80000000000000004028575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f42fc92c6bf492021-12-22 12:46:30.468root 11241100x80000000000000004028576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dae92beca9f69c2021-12-22 12:46:30.468root 11241100x80000000000000004028577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a09bd4fda68f92021-12-22 12:46:30.943root 11241100x80000000000000004028578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9e284778d927812021-12-22 12:46:30.943root 11241100x80000000000000004028579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4401ab09d6f4c4052021-12-22 12:46:30.943root 11241100x80000000000000004028580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b1cb62fc30c8632021-12-22 12:46:30.943root 11241100x80000000000000004028581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bc229b2eb304a32021-12-22 12:46:30.943root 11241100x80000000000000004028582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b0c8e3788b7b952021-12-22 12:46:30.944root 11241100x80000000000000004028583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781c838e388d66902021-12-22 12:46:30.944root 11241100x80000000000000004028584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fb096c3239924e2021-12-22 12:46:30.944root 11241100x80000000000000004028585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa2efbef4e0a4622021-12-22 12:46:30.944root 11241100x80000000000000004028586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99142e464501e1fe2021-12-22 12:46:30.944root 11241100x80000000000000004028587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94d70767172aa52021-12-22 12:46:30.944root 11241100x80000000000000004028588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c1e0112fe0d6bc2021-12-22 12:46:30.944root 11241100x80000000000000004028589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b994185452210912021-12-22 12:46:30.944root 11241100x80000000000000004028590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84c52e3564819602021-12-22 12:46:30.944root 11241100x80000000000000004028591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb420341974fa0dc2021-12-22 12:46:30.944root 11241100x80000000000000004028592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3110586038d61af52021-12-22 12:46:30.944root 11241100x80000000000000004028593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa48a6424de02b12021-12-22 12:46:30.945root 11241100x80000000000000004028594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1d38d45f922fef2021-12-22 12:46:30.945root 11241100x80000000000000004028595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577556e4bd08ecce2021-12-22 12:46:30.945root 11241100x80000000000000004028596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e51947bccb9c2b82021-12-22 12:46:30.945root 11241100x80000000000000004028597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbdfe550850df772021-12-22 12:46:30.945root 11241100x80000000000000004028598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e039496e58eeb2021-12-22 12:46:30.945root 11241100x80000000000000004028599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067febe74caa25762021-12-22 12:46:30.945root 11241100x80000000000000004028600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b5de752b29a6ed2021-12-22 12:46:30.945root 11241100x80000000000000004028601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2f08a262d0c152021-12-22 12:46:30.946root 11241100x80000000000000004028602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac67cafd8f408462021-12-22 12:46:30.946root 11241100x80000000000000004028603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c5e2d799356fbb2021-12-22 12:46:30.946root 11241100x80000000000000004028604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34440ad5a448d4972021-12-22 12:46:30.946root 11241100x80000000000000004028605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce72cab96d489bc92021-12-22 12:46:30.946root 11241100x80000000000000004028606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaf06792b15be592021-12-22 12:46:30.946root 11241100x80000000000000004028607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472b7355e628ec72021-12-22 12:46:30.946root 11241100x80000000000000004028608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6ffbe4de62a6562021-12-22 12:46:30.946root 11241100x80000000000000004028609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c899f59d2b07c22021-12-22 12:46:30.946root 11241100x80000000000000004028610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e8402729e94af2021-12-22 12:46:30.946root 11241100x80000000000000004028611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe41a3f471923ce2021-12-22 12:46:30.947root 11241100x80000000000000004028612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2262025fc80712021-12-22 12:46:30.947root 11241100x80000000000000004028613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcadd82e9c4a9242021-12-22 12:46:30.947root 11241100x80000000000000004028614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8c705d67998d732021-12-22 12:46:30.947root 11241100x80000000000000004028615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c8e4356633c12a2021-12-22 12:46:30.947root 11241100x80000000000000004028616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e6cdce4c3bca32021-12-22 12:46:30.947root 11241100x80000000000000004028617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb65b73de0799c172021-12-22 12:46:30.948root 11241100x80000000000000004028618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1c00eccb0f7b22021-12-22 12:46:30.948root 11241100x80000000000000004028619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a862f7479bc532021-12-22 12:46:30.948root 11241100x80000000000000004028620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96070b53dc96d562021-12-22 12:46:30.948root 11241100x80000000000000004028621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3ee19a89d796bb2021-12-22 12:46:30.948root 11241100x80000000000000004028622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8175646641395c2021-12-22 12:46:30.948root 11241100x80000000000000004028623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798165568dd925732021-12-22 12:46:30.948root 11241100x80000000000000004028624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9115bd97abd20d62021-12-22 12:46:30.949root 11241100x80000000000000004028625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33bf17dd34629682021-12-22 12:46:30.949root 11241100x80000000000000004028626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d377f2a898270f42021-12-22 12:46:30.949root 11241100x80000000000000004028627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06a8c20f64b8a92021-12-22 12:46:30.949root 11241100x80000000000000004028628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f77e1d654c1c732021-12-22 12:46:30.949root 11241100x80000000000000004028629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f082e224b79ac61c2021-12-22 12:46:30.949root 11241100x80000000000000004028630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b889cecf016dfac92021-12-22 12:46:30.950root 11241100x80000000000000004028631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d40a6058cc7522021-12-22 12:46:30.950root 11241100x80000000000000004028632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1d61cafa8cf98b2021-12-22 12:46:30.950root 11241100x80000000000000004028633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ba675f5ac366552021-12-22 12:46:30.950root 11241100x80000000000000004028634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de936ca5480213952021-12-22 12:46:30.950root 11241100x80000000000000004028635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a1efb4ccbbc5412021-12-22 12:46:30.950root 11241100x80000000000000004028636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c26fbfd8a3b02152021-12-22 12:46:30.950root 11241100x80000000000000004028637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4858a47080ec5c2021-12-22 12:46:30.950root 11241100x80000000000000004028638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78f9fc3ebe7dc252021-12-22 12:46:30.950root 11241100x80000000000000004028639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea12c96ac2357072021-12-22 12:46:30.950root 11241100x80000000000000004028640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0254dcecf36867b52021-12-22 12:46:30.951root 11241100x80000000000000004028641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dc5807d5deaa882021-12-22 12:46:30.951root 11241100x80000000000000004028642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bfab48d0c399e2021-12-22 12:46:30.951root 11241100x80000000000000004028643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef55b4e4fa1e982021-12-22 12:46:30.951root 11241100x80000000000000004028644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6881c63c586c4712021-12-22 12:46:30.951root 11241100x80000000000000004028645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ae73f4e131729c2021-12-22 12:46:30.951root 11241100x80000000000000004028646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfaaa82e9d9ebc92021-12-22 12:46:30.951root 11241100x80000000000000004028647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5e66432d3e31502021-12-22 12:46:30.951root 11241100x80000000000000004028648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b2e50f8ff8a7fc2021-12-22 12:46:30.952root 11241100x80000000000000004028649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527aacc3b948b9b22021-12-22 12:46:30.952root 11241100x80000000000000004028650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de9b1ffa1382d32021-12-22 12:46:30.952root 11241100x80000000000000004028651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299fedf799ee70ca2021-12-22 12:46:30.952root 11241100x80000000000000004028652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a7922c6d2425ae2021-12-22 12:46:30.952root 11241100x80000000000000004028653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac223dcc21a05962021-12-22 12:46:30.953root 11241100x80000000000000004028654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f72e1c876f11192021-12-22 12:46:30.953root 11241100x80000000000000004028655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5743237070c410c82021-12-22 12:46:30.953root 11241100x80000000000000004028656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:30.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d839777b39f0e2722021-12-22 12:46:30.953root 11241100x80000000000000004028657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6471e384f5c2dd2021-12-22 12:46:31.443root 11241100x80000000000000004028658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f82c7cd939680b62021-12-22 12:46:31.443root 11241100x80000000000000004028659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a73461fb5a4f52021-12-22 12:46:31.443root 11241100x80000000000000004028660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a714c764b2a31bb12021-12-22 12:46:31.443root 11241100x80000000000000004028661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c15e164989a112021-12-22 12:46:31.443root 11241100x80000000000000004028662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee13204a7467362021-12-22 12:46:31.444root 11241100x80000000000000004028663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32bd283adcbe4e02021-12-22 12:46:31.444root 11241100x80000000000000004028664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ab62fe650941e2021-12-22 12:46:31.444root 11241100x80000000000000004028665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef174b61f29460c82021-12-22 12:46:31.444root 11241100x80000000000000004028666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b48e5da965e51ba2021-12-22 12:46:31.444root 11241100x80000000000000004028667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6d5db3eb35dade2021-12-22 12:46:31.444root 11241100x80000000000000004028668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d155e3f3d82cd2021-12-22 12:46:31.444root 11241100x80000000000000004028669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8b6d4b4dde71662021-12-22 12:46:31.444root 11241100x80000000000000004028670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe0659419eb4ce32021-12-22 12:46:31.444root 11241100x80000000000000004028671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40f438aaf8e087c2021-12-22 12:46:31.444root 11241100x80000000000000004028672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c714ac374c0e3c2021-12-22 12:46:31.444root 11241100x80000000000000004028673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d46a557e734ce2021-12-22 12:46:31.444root 11241100x80000000000000004028674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c63db8cff74402021-12-22 12:46:31.445root 11241100x80000000000000004028675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaee5163bb233e52021-12-22 12:46:31.445root 11241100x80000000000000004028676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017c81c2825d8e6f2021-12-22 12:46:31.445root 11241100x80000000000000004028677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6738cf2ea986032021-12-22 12:46:31.445root 11241100x80000000000000004028678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f13a083a5211e2021-12-22 12:46:31.445root 11241100x80000000000000004028679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f2bf5b6e4f01d72021-12-22 12:46:31.445root 11241100x80000000000000004028680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4764fff013e7e112021-12-22 12:46:31.445root 11241100x80000000000000004028681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4355f5a16fd8052021-12-22 12:46:31.445root 11241100x80000000000000004028682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1543deceeb3444372021-12-22 12:46:31.445root 11241100x80000000000000004028683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34a2b7ef69008e2021-12-22 12:46:31.445root 11241100x80000000000000004028684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582dd12f4cd234bc2021-12-22 12:46:31.446root 11241100x80000000000000004028685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7023fafc331853872021-12-22 12:46:31.446root 11241100x80000000000000004028686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b130c5b93a4152021-12-22 12:46:31.446root 11241100x80000000000000004028687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ea1d1221196b22021-12-22 12:46:31.446root 11241100x80000000000000004028688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59574a298232bf32021-12-22 12:46:31.446root 11241100x80000000000000004028689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e528ba25c712532021-12-22 12:46:31.446root 11241100x80000000000000004028690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26b95d8e552b6eb2021-12-22 12:46:31.446root 11241100x80000000000000004028691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10889a73213bcd4d2021-12-22 12:46:31.447root 11241100x80000000000000004028692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423fc82611a187462021-12-22 12:46:31.447root 11241100x80000000000000004028693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf631b3110ce376c2021-12-22 12:46:31.447root 11241100x80000000000000004028694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b508a6455f82f52021-12-22 12:46:31.447root 11241100x80000000000000004028695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1e1612e1aa25ab2021-12-22 12:46:31.447root 11241100x80000000000000004028696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d90175aed0ce702021-12-22 12:46:31.447root 11241100x80000000000000004028697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ee280150fcb6552021-12-22 12:46:31.447root 11241100x80000000000000004028698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1563ab2125f67d2021-12-22 12:46:31.447root 11241100x80000000000000004028699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2cfa0fb7b9d412021-12-22 12:46:31.447root 11241100x80000000000000004028700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df892ec16fcd042d2021-12-22 12:46:31.448root 11241100x80000000000000004028701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee3343dae7c17022021-12-22 12:46:31.448root 11241100x80000000000000004028702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8080e04af145fc52021-12-22 12:46:31.448root 11241100x80000000000000004028703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c47cd6b9b3b2982021-12-22 12:46:31.448root 11241100x80000000000000004028704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc21549d1fe53b112021-12-22 12:46:31.448root 11241100x80000000000000004028705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09582753c74544f02021-12-22 12:46:31.448root 11241100x80000000000000004028706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36f12a371e3a792021-12-22 12:46:31.448root 11241100x80000000000000004028707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecdb20dede23f422021-12-22 12:46:31.448root 11241100x80000000000000004028708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56181a8ab2ea66ef2021-12-22 12:46:31.448root 11241100x80000000000000004028709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb457e5da6f5036c2021-12-22 12:46:31.448root 11241100x80000000000000004028710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fd3e37b46d94c62021-12-22 12:46:31.449root 11241100x80000000000000004028711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78894ba5b7c8b7882021-12-22 12:46:31.449root 11241100x80000000000000004028712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbafaf2c7cb4e2052021-12-22 12:46:31.449root 11241100x80000000000000004028713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9130d0c6cc09c582021-12-22 12:46:31.449root 11241100x80000000000000004028714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c02218232826b4e2021-12-22 12:46:31.449root 11241100x80000000000000004028715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4392d3f6a57a40262021-12-22 12:46:31.449root 11241100x80000000000000004028716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a82bc8a8a268852021-12-22 12:46:31.449root 11241100x80000000000000004028717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4568870fdae9e1702021-12-22 12:46:31.449root 11241100x80000000000000004028718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374330bf8c71958f2021-12-22 12:46:31.943root 11241100x80000000000000004028719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332841f28d382f72021-12-22 12:46:31.943root 11241100x80000000000000004028720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a6acdaef5d701c2021-12-22 12:46:31.943root 11241100x80000000000000004028721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0501c1e86ba9e72021-12-22 12:46:31.943root 11241100x80000000000000004028722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be36e8ef6fe4ba662021-12-22 12:46:31.943root 11241100x80000000000000004028723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33a8fd83c37a7d32021-12-22 12:46:31.943root 11241100x80000000000000004028724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6751f8d1cc205ab2021-12-22 12:46:31.943root 11241100x80000000000000004028725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af3ecae1302fa682021-12-22 12:46:31.943root 11241100x80000000000000004028726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bc92895a76fb202021-12-22 12:46:31.943root 11241100x80000000000000004028727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fa0a7c1ea11ffe2021-12-22 12:46:31.943root 11241100x80000000000000004028728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd30aeca66e99d9e2021-12-22 12:46:31.944root 11241100x80000000000000004028729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e88cf12d3505a432021-12-22 12:46:31.944root 11241100x80000000000000004028730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfb25c24bebfa7c2021-12-22 12:46:31.944root 11241100x80000000000000004028731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199c3cebcaa0f94e2021-12-22 12:46:31.944root 11241100x80000000000000004028732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767ce68714eb33de2021-12-22 12:46:31.944root 11241100x80000000000000004028733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36c1706e4fb281e2021-12-22 12:46:31.944root 11241100x80000000000000004028734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8078cc0a656319e42021-12-22 12:46:31.944root 11241100x80000000000000004028735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e4a89e4b5d82212021-12-22 12:46:31.944root 11241100x80000000000000004028736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8912c2c6265b6392021-12-22 12:46:31.944root 11241100x80000000000000004028737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cab179c02e66372021-12-22 12:46:31.945root 11241100x80000000000000004028738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf27d4ee880bf352021-12-22 12:46:31.945root 11241100x80000000000000004028739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe74c48f686d0842021-12-22 12:46:31.945root 11241100x80000000000000004028740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b40cd8f6ea3110f2021-12-22 12:46:31.945root 11241100x80000000000000004028741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a847e5e6987faa2021-12-22 12:46:31.945root 11241100x80000000000000004028742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf39692cb48587f2021-12-22 12:46:31.946root 11241100x80000000000000004028743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e4a5e7cefe59562021-12-22 12:46:31.946root 11241100x80000000000000004028744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d75a8d49cf502d02021-12-22 12:46:31.946root 11241100x80000000000000004028745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562014cac55f3a412021-12-22 12:46:31.946root 11241100x80000000000000004028746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd9d76b325083df2021-12-22 12:46:31.946root 11241100x80000000000000004028747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf12b98e79d82e012021-12-22 12:46:31.946root 11241100x80000000000000004028748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0819b3d7ebe8492a2021-12-22 12:46:31.946root 11241100x80000000000000004028749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdef7d094a349062021-12-22 12:46:31.948root 11241100x80000000000000004028750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d20a11e89d9ade2021-12-22 12:46:31.948root 11241100x80000000000000004028751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5880c3d834a88a2021-12-22 12:46:31.948root 11241100x80000000000000004028752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec3b163bfad35d42021-12-22 12:46:31.948root 11241100x80000000000000004028753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a45327de10e54b2021-12-22 12:46:31.949root 11241100x80000000000000004028754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0817106011d54e432021-12-22 12:46:31.949root 11241100x80000000000000004028755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6715661975cdc222021-12-22 12:46:31.949root 11241100x80000000000000004028756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e357d156663c272021-12-22 12:46:31.949root 11241100x80000000000000004028757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6e10d27786e2482021-12-22 12:46:31.949root 11241100x80000000000000004028758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e698f356281205d2021-12-22 12:46:31.949root 11241100x80000000000000004028759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b489a1f02aaf51c2021-12-22 12:46:31.949root 11241100x80000000000000004028760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9afb4089a5fab82021-12-22 12:46:31.949root 11241100x80000000000000004028761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20dc430782ec5252021-12-22 12:46:31.949root 11241100x80000000000000004028762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306c78b75a08e1e2021-12-22 12:46:31.949root 11241100x80000000000000004028763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91411516c6e91e62021-12-22 12:46:31.950root 11241100x80000000000000004028764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f441753eaa664682021-12-22 12:46:31.950root 11241100x80000000000000004028765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0385a352e534ae9b2021-12-22 12:46:31.950root 11241100x80000000000000004028766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae59c1568a57cb982021-12-22 12:46:31.950root 11241100x80000000000000004028767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfb551eddede402021-12-22 12:46:31.950root 11241100x80000000000000004028768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afafe1d53536a5832021-12-22 12:46:31.950root 11241100x80000000000000004028769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4c437654b788d2021-12-22 12:46:31.950root 11241100x80000000000000004028770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36684216b070e5012021-12-22 12:46:31.950root 11241100x80000000000000004028771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed80333a8e8afb92021-12-22 12:46:31.950root 11241100x80000000000000004028772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61e7a0b44fe4be72021-12-22 12:46:31.950root 11241100x80000000000000004028773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35862ab8622017f2021-12-22 12:46:31.950root 11241100x80000000000000004028774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91836441624da72021-12-22 12:46:31.951root 11241100x80000000000000004028775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b3d0f997efff1d2021-12-22 12:46:31.951root 11241100x80000000000000004028776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d6156c283bc2d42021-12-22 12:46:31.951root 11241100x80000000000000004028777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b6dd246e3858ad2021-12-22 12:46:31.951root 11241100x80000000000000004028778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7d3aeca1a431ca2021-12-22 12:46:31.951root 11241100x80000000000000004028779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d8fb2d2f642242021-12-22 12:46:31.951root 11241100x80000000000000004028780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4584573def842a2021-12-22 12:46:31.951root 11241100x80000000000000004028781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b316760fed9428c62021-12-22 12:46:31.951root 11241100x80000000000000004028782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0d3a3d91335cf2021-12-22 12:46:31.951root 11241100x80000000000000004028783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7102ebdcda4708d52021-12-22 12:46:31.951root 11241100x80000000000000004028784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f7b2255a0efe442021-12-22 12:46:31.952root 11241100x80000000000000004028785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:31.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2858c897dad8a02021-12-22 12:46:31.952root 354300x80000000000000004028853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:45.069{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56894-false10.0.1.12-8000- 11241100x80000000000000004028854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595db5aee06523442021-12-22 12:46:45.442root 11241100x80000000000000004028855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6f38f9bc17b822021-12-22 12:46:45.942root 11241100x80000000000000004028856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5380e0a7d08bc5c2021-12-22 12:46:46.442root 11241100x80000000000000004028857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224e35a6acae84c2021-12-22 12:46:46.942root 11241100x80000000000000004028858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8602fc788779c02021-12-22 12:46:47.442root 11241100x80000000000000004028859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fd1d86c6e43fb02021-12-22 12:46:47.942root 11241100x80000000000000004028860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae8e4d1e05f72ef2021-12-22 12:46:48.442root 11241100x80000000000000004028861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa19f634c28def82021-12-22 12:46:48.942root 11241100x80000000000000004028862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f5ae983795d1f72021-12-22 12:46:49.442root 11241100x80000000000000004028863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858cdf959b572cab2021-12-22 12:46:49.942root 354300x80000000000000004028864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:50.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56896-false10.0.1.12-8000- 11241100x80000000000000004028865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374d64edb64d0e9e2021-12-22 12:46:50.235root 11241100x80000000000000004028866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884e79c058bdc3b2021-12-22 12:46:50.692root 11241100x80000000000000004028867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61112df5fdf023582021-12-22 12:46:50.692root 11241100x80000000000000004028868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:51.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c1677c320748b92021-12-22 12:46:51.192root 11241100x80000000000000004028869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:51.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac195c0559673da2021-12-22 12:46:51.192root 11241100x80000000000000004028870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801603adf6a6321b2021-12-22 12:46:51.693root 11241100x80000000000000004028871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd2be16b90a0f022021-12-22 12:46:51.693root 11241100x80000000000000004028872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eb8b27e4c16b5a2021-12-22 12:46:52.192root 11241100x80000000000000004028873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f808825b6cc27ab2021-12-22 12:46:52.193root 534500x80000000000000004028874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.517{00000000-0000-0000-0000-000000000000}22733<unknown process>ubuntu 11241100x80000000000000004028875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.517{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.ewB6jK2021-12-22 12:46:52.517ubuntu 23542300x80000000000000004028876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.517{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.ewB6jK--- 11241100x80000000000000004028877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ee29e2260f8ac12021-12-22 12:46:52.518root 11241100x80000000000000004028878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d7173e8d015d412021-12-22 12:46:52.518root 534500x80000000000000004028879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.518{ec2b6afe-1e3c-61c3-0000-000000000000}22734-ubuntu 11241100x80000000000000004028880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.519{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.ijZxgB2021-12-22 12:46:52.519ubuntu 23542300x80000000000000004028881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.519{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.ijZxgB--- 11241100x80000000000000004028882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce35bf452a4e7672021-12-22 12:46:52.942root 11241100x80000000000000004028883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb25392a3d22e8ed2021-12-22 12:46:52.943root 11241100x80000000000000004028884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46339f47f3f0e33f2021-12-22 12:46:52.943root 11241100x80000000000000004028885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483721fff57d95cf2021-12-22 12:46:52.944root 11241100x80000000000000004028886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a92707c3f323af92021-12-22 12:46:52.944root 11241100x80000000000000004028887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79855f9655c5d42c2021-12-22 12:46:52.944root 11241100x80000000000000004028888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f7cb658b1fb202021-12-22 12:46:52.944root 11241100x80000000000000004028889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6867a22fedc46f2021-12-22 12:46:52.944root 11241100x80000000000000004028890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb75f4baa24c27b2021-12-22 12:46:52.944root 11241100x80000000000000004028891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f800c1bf47abb91d2021-12-22 12:46:53.442root 11241100x80000000000000004028892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6937d8a52885614d2021-12-22 12:46:53.443root 11241100x80000000000000004028893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f9291fdde34102021-12-22 12:46:53.443root 11241100x80000000000000004028894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a735c05abb380062021-12-22 12:46:53.443root 11241100x80000000000000004028895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666a195fa3ac9b132021-12-22 12:46:53.443root 11241100x80000000000000004028896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e82d3e380497902021-12-22 12:46:53.443root 11241100x80000000000000004028897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8d475786c68cc02021-12-22 12:46:53.443root 11241100x80000000000000004028898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392da5877fd797822021-12-22 12:46:53.443root 11241100x80000000000000004028899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad514744ed1402af2021-12-22 12:46:53.444root 11241100x80000000000000004028900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2600ebafd8965d02021-12-22 12:46:53.444root 11241100x80000000000000004028901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d9066f9cf071b2021-12-22 12:46:53.444root 11241100x80000000000000004028902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c593496db6f30e2021-12-22 12:46:53.444root 11241100x80000000000000004028903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6686aeed2094702021-12-22 12:46:53.444root 11241100x80000000000000004028904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d10c3874ed81952021-12-22 12:46:53.444root 11241100x80000000000000004028905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590732ae8b39903a2021-12-22 12:46:53.444root 11241100x80000000000000004028906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5a29efa163f03c2021-12-22 12:46:53.445root 11241100x80000000000000004028907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c1b31c40281502021-12-22 12:46:53.445root 11241100x80000000000000004028908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c5defd838d8bf2021-12-22 12:46:53.445root 11241100x80000000000000004028909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5704a659f7aba2122021-12-22 12:46:53.445root 11241100x80000000000000004028910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab1c155724ff2b2021-12-22 12:46:53.445root 11241100x80000000000000004028911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbf1be4b1fc6f8c2021-12-22 12:46:53.445root 11241100x80000000000000004028912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7b0dcc986f24252021-12-22 12:46:53.446root 11241100x80000000000000004028913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9e73506d9be8fb2021-12-22 12:46:53.446root 154100x80000000000000004028914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.599{ec2b6afe-1e3d-61c3-981a-2ce330560000}22735/bin/cp-----cp /home/ubuntu/rootkit_test/rootkit.ko ./rootkit//lib/modules/5.4.0-1060-aws/kernel/driversubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004028915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.601{ec2b6afe-1e3d-61c3-981a-2ce330560000}22735/bin/cpubuntu 11241100x80000000000000004028916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b97b8b69a3118f72021-12-22 12:46:53.942root 11241100x80000000000000004028917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eba877a86db9582021-12-22 12:46:53.943root 11241100x80000000000000004028918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee75f1a2a776bf912021-12-22 12:46:53.943root 11241100x80000000000000004028919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd31a8d345fb0f12021-12-22 12:46:53.943root 11241100x80000000000000004028920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8959e6fc7b61b8762021-12-22 12:46:53.943root 11241100x80000000000000004028921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d319f333f8aea32021-12-22 12:46:53.943root 11241100x80000000000000004028922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e744048b2b6714502021-12-22 12:46:53.943root 11241100x80000000000000004028923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165898893a8f25292021-12-22 12:46:53.944root 11241100x80000000000000004028924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3fddbc5f0eb8572021-12-22 12:46:53.944root 11241100x80000000000000004028925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb3cb17aad7d5c72021-12-22 12:46:53.944root 11241100x80000000000000004028926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29723194cc4ed3362021-12-22 12:46:53.944root 11241100x80000000000000004028927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945f451094759cf62021-12-22 12:46:53.944root 11241100x80000000000000004028928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c29f3bfad9c79e2021-12-22 12:46:53.944root 11241100x80000000000000004028929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0a94e304b80b602021-12-22 12:46:53.944root 11241100x80000000000000004028930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b57eb47c7a90b2021-12-22 12:46:53.944root 11241100x80000000000000004028931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9fc09c1dd36ed52021-12-22 12:46:53.945root 11241100x80000000000000004028932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16b9bd5eddf3c562021-12-22 12:46:53.945root 11241100x80000000000000004028933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c6b83769c434fd2021-12-22 12:46:54.443root 11241100x80000000000000004028934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e68f0da8d0ae9f2021-12-22 12:46:54.443root 11241100x80000000000000004028935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e1853fc637b882021-12-22 12:46:54.443root 11241100x80000000000000004028936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509e467f29f43b202021-12-22 12:46:54.443root 11241100x80000000000000004028937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b0fcaf8496ee7a2021-12-22 12:46:54.444root 11241100x80000000000000004028938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d66ef8befa42772021-12-22 12:46:54.444root 11241100x80000000000000004028939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc163be1a331bc52021-12-22 12:46:54.444root 11241100x80000000000000004028940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f768328c23c17d922021-12-22 12:46:54.444root 11241100x80000000000000004028941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae9e8c22c78a00f2021-12-22 12:46:54.444root 11241100x80000000000000004028942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963b50c687a674a52021-12-22 12:46:54.444root 11241100x80000000000000004028943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f83a8ec9c2f08fd2021-12-22 12:46:54.943root 11241100x80000000000000004028944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17412d22d85d3c1c2021-12-22 12:46:54.943root 11241100x80000000000000004028945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a97d8e4095adf2021-12-22 12:46:54.943root 11241100x80000000000000004028946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e333531c530079a82021-12-22 12:46:54.943root 11241100x80000000000000004028947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1e0482327c4e32021-12-22 12:46:54.943root 11241100x80000000000000004028948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a9aa50084fa502021-12-22 12:46:54.943root 11241100x80000000000000004028949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aca6fd09acc85a2021-12-22 12:46:54.943root 11241100x80000000000000004028950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0719d50146bd92021-12-22 12:46:54.943root 11241100x80000000000000004028951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1dbdb3b4d0b17c2021-12-22 12:46:54.943root 11241100x80000000000000004028952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc6b591b4063bd2021-12-22 12:46:54.943root 11241100x80000000000000004028953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d68946bf160042021-12-22 12:46:55.443root 11241100x80000000000000004028954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d33bd9165f348d2021-12-22 12:46:55.444root 11241100x80000000000000004028955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ab41312fd635d2021-12-22 12:46:55.444root 11241100x80000000000000004028956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264c808d7d15ba32021-12-22 12:46:55.444root 11241100x80000000000000004028957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7a943921c8f3d2021-12-22 12:46:55.444root 11241100x80000000000000004028958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c106dad64ece5d2021-12-22 12:46:55.444root 11241100x80000000000000004028959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c96a61be6b562632021-12-22 12:46:55.445root 11241100x80000000000000004028960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da5843f9551817d2021-12-22 12:46:55.445root 11241100x80000000000000004028961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833468a0a87391832021-12-22 12:46:55.445root 11241100x80000000000000004028962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9fe628b8545d312021-12-22 12:46:55.445root 11241100x80000000000000004028963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedefd67ec6abb9b2021-12-22 12:46:55.942root 11241100x80000000000000004028964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5802eeb98a48c72021-12-22 12:46:55.943root 11241100x80000000000000004028965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7ebcc93338c6692021-12-22 12:46:55.943root 11241100x80000000000000004028966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af565377bccc122021-12-22 12:46:55.943root 11241100x80000000000000004028967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819857df4db92952021-12-22 12:46:55.943root 11241100x80000000000000004028968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b6bbdd8ccdf4512021-12-22 12:46:55.943root 11241100x80000000000000004028969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35dca03b80face2021-12-22 12:46:55.943root 11241100x80000000000000004028970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dcfe14a1e8b87e2021-12-22 12:46:55.943root 11241100x80000000000000004028971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60faeff4461d26192021-12-22 12:46:55.944root 11241100x80000000000000004028972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd5ca8034b855832021-12-22 12:46:55.944root 11241100x80000000000000004028973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d835d15edec0432021-12-22 12:46:55.944root 11241100x80000000000000004028974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caeda0aecebfcf42021-12-22 12:46:55.944root 11241100x80000000000000004028975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245521f3843b68a2021-12-22 12:46:55.944root 11241100x80000000000000004028976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d721cc32e4e1402021-12-22 12:46:55.944root 11241100x80000000000000004028977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535926e3fd6286382021-12-22 12:46:55.944root 354300x80000000000000004028978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.063{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56898-false10.0.1.12-8000- 11241100x80000000000000004028979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b5e24ac3a11c32021-12-22 12:46:56.442root 11241100x80000000000000004028980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5887f09bdbdc8edc2021-12-22 12:46:56.443root 11241100x80000000000000004028981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61464010c3e9f172021-12-22 12:46:56.443root 11241100x80000000000000004028982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7755e4175eed4de2021-12-22 12:46:56.443root 11241100x80000000000000004028983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426e1e922d31d632021-12-22 12:46:56.443root 11241100x80000000000000004028984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395690232b0a00a32021-12-22 12:46:56.443root 11241100x80000000000000004028985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb80a83202e5cbc2021-12-22 12:46:56.443root 11241100x80000000000000004028986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd81aad745d8f012021-12-22 12:46:56.444root 11241100x80000000000000004028987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71713168ea75157e2021-12-22 12:46:56.444root 11241100x80000000000000004028988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa0cea34aa1f7e02021-12-22 12:46:56.444root 11241100x80000000000000004028989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf1ffca5cf234e22021-12-22 12:46:56.444root 11241100x80000000000000004028990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9965ab2159270cb2021-12-22 12:46:56.444root 11241100x80000000000000004028991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10648422ac73b482021-12-22 12:46:56.444root 154100x80000000000000004028992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.716{ec2b6afe-1e40-61c3-08de-16bcca550000}22736/usr/bin/sudo-----sudo cp /home/ubuntu/rootkit_test/rootkit.ko ./rootkit//lib/modules/5.4.0-1060-aws/kernel/driversubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004028993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af18166c694a1c82021-12-22 12:46:56.717root 11241100x80000000000000004028994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f750e2c30d1b23492021-12-22 12:46:56.717root 11241100x80000000000000004028995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecbfc2a6e7051212021-12-22 12:46:56.718root 11241100x80000000000000004028996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674ece47008841422021-12-22 12:46:56.718root 11241100x80000000000000004028997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41170de98b40b8212021-12-22 12:46:56.718root 11241100x80000000000000004028998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fd311456e94c82021-12-22 12:46:56.718root 11241100x80000000000000004028999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea4ca269e237a242021-12-22 12:46:56.718root 11241100x80000000000000004029000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e769ac599cae36d52021-12-22 12:46:56.718root 11241100x80000000000000004029001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3742ce47021145f42021-12-22 12:46:56.718root 11241100x80000000000000004029002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68af0776da843922021-12-22 12:46:56.718root 11241100x80000000000000004029003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b6086daf33f712021-12-22 12:46:56.719root 11241100x80000000000000004029004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b83940784839d5f2021-12-22 12:46:56.719root 11241100x80000000000000004029005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01385d34131decef2021-12-22 12:46:56.719root 11241100x80000000000000004029006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b856dbd109d15182021-12-22 12:46:56.719root 11241100x80000000000000004029007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de860808bd1c174a2021-12-22 12:46:56.719root 11241100x80000000000000004029008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c406098421d3ac52021-12-22 12:46:56.719root 11241100x80000000000000004029009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59097708a620c262021-12-22 12:46:56.720root 11241100x80000000000000004029010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e0c5be4ad4dd8b2021-12-22 12:46:56.720root 11241100x80000000000000004029011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39d45598cb2fa3d2021-12-22 12:46:56.720root 11241100x80000000000000004029012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838b932c8b39c0b2021-12-22 12:46:56.720root 11241100x80000000000000004029013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ebe9f7bd9e83322021-12-22 12:46:56.720root 354300x80000000000000004029014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-1e40-61c3-08de-16bcca550000}22736/usr/bin/sudoubuntuudptruefalse127.0.0.1-56065-false127.0.0.53-53- 354300x80000000000000004029015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.719{ec2b6afe-1e40-61c3-08de-16bcca550000}22736/usr/bin/sudoubuntuudptruefalse127.0.0.1-44546-false127.0.0.53-53- 354300x80000000000000004029016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-40203-false10.0.0.2-53- 354300x80000000000000004029017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-47862-false10.0.0.2-53- 354300x80000000000000004029018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44546- 354300x80000000000000004029019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.720{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56065- 154100x80000000000000004029020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.723{ec2b6afe-1e40-61c3-98aa-156cdd550000}22737/bin/cp-----cp /home/ubuntu/rootkit_test/rootkit.ko ./rootkit//lib/modules/5.4.0-1060-aws/kernel/driversroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1e40-61c3-08de-16bcca550000}22736/usr/bin/sudosudoubuntu 11241100x80000000000000004029021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.724{ec2b6afe-1e40-61c3-98aa-156cdd550000}22737/bin/cp/lib/modules/5.4.0-1060-aws/kernel/drivers/rootkit/rootkit.ko2021-12-22 12:46:56.724root 534500x80000000000000004029022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.725{ec2b6afe-1e40-61c3-98aa-156cdd550000}22737/bin/cproot 534500x80000000000000004029023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:56.728{ec2b6afe-1e40-61c3-08de-16bcca550000}22736/usr/bin/sudoroot 11241100x80000000000000004029024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d394ec806ba87fc2021-12-22 12:46:57.193root 11241100x80000000000000004029025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c6ce12dc2a00242021-12-22 12:46:57.193root 11241100x80000000000000004029026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2039bfb76400afe2021-12-22 12:46:57.193root 11241100x80000000000000004029027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08d3b6fbb648ef32021-12-22 12:46:57.193root 11241100x80000000000000004029028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fd6bca100439bd2021-12-22 12:46:57.193root 11241100x80000000000000004029029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1561d02eae7da2021-12-22 12:46:57.193root 11241100x80000000000000004029030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6531e11d8d0d1b52021-12-22 12:46:57.194root 11241100x80000000000000004029031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496c63b13e48812e2021-12-22 12:46:57.194root 11241100x80000000000000004029032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67904f11fdc8abf02021-12-22 12:46:57.194root 11241100x80000000000000004029033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc4778caac3e6772021-12-22 12:46:57.194root 11241100x80000000000000004029034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ffabb0f03cf8912021-12-22 12:46:57.194root 11241100x80000000000000004029035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6d0ffecfdb2f3d2021-12-22 12:46:57.194root 11241100x80000000000000004029036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420322918ba03a352021-12-22 12:46:57.194root 11241100x80000000000000004029037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a101b8875722f96f2021-12-22 12:46:57.194root 11241100x80000000000000004029038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c7063b54815bf2021-12-22 12:46:57.194root 11241100x80000000000000004029039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d76f97da0624812021-12-22 12:46:57.194root 11241100x80000000000000004029040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b89b0eb50c2cd02021-12-22 12:46:57.195root 11241100x80000000000000004029041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddfab325f3c4a272021-12-22 12:46:57.195root 11241100x80000000000000004029042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80c6aaedebef3532021-12-22 12:46:57.195root 11241100x80000000000000004029043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c651b7d090eac3fd2021-12-22 12:46:57.195root 11241100x80000000000000004029044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5dd29f37b30f32021-12-22 12:46:57.195root 11241100x80000000000000004029045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c219729c0b55f02021-12-22 12:46:57.195root 11241100x80000000000000004029046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63becea76f790c2e2021-12-22 12:46:57.693root 11241100x80000000000000004029047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee5d15bf5e4149d2021-12-22 12:46:57.693root 11241100x80000000000000004029048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6ffef0bafaca1c2021-12-22 12:46:57.694root 11241100x80000000000000004029049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e57b0548ed397e2021-12-22 12:46:57.694root 11241100x80000000000000004029050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ed629f459435c2021-12-22 12:46:57.694root 11241100x80000000000000004029051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed5a6912dd6a3df2021-12-22 12:46:57.694root 11241100x80000000000000004029052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed554ce709ce6bea2021-12-22 12:46:57.694root 11241100x80000000000000004029053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5516b5356535332021-12-22 12:46:57.694root 11241100x80000000000000004029054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9f569f5245f7a12021-12-22 12:46:57.694root 11241100x80000000000000004029055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347cc791ad5da7a2021-12-22 12:46:57.694root 11241100x80000000000000004029056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae0dc91d2ac023f2021-12-22 12:46:57.694root 11241100x80000000000000004029057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3ac80d59c53b32021-12-22 12:46:57.694root 11241100x80000000000000004029058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f391b470288d4ec2021-12-22 12:46:57.694root 11241100x80000000000000004029059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b58959d36d0e9732021-12-22 12:46:57.695root 11241100x80000000000000004029060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b3953ff420c3b82021-12-22 12:46:57.695root 11241100x80000000000000004029061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ead3f22971f7b292021-12-22 12:46:57.695root 11241100x80000000000000004029062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27debd89287019bd2021-12-22 12:46:57.695root 11241100x80000000000000004029063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af84f3c441e35b7c2021-12-22 12:46:57.695root 11241100x80000000000000004029064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d09f9565b9c1152021-12-22 12:46:57.695root 11241100x80000000000000004029065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed54c362ebe8b4322021-12-22 12:46:57.696root 11241100x80000000000000004029066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9060f45c936e73d2021-12-22 12:46:57.696root 11241100x80000000000000004029067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b9c173d942a172021-12-22 12:46:57.696root 11241100x80000000000000004029068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b9fd40551c1fb2021-12-22 12:46:58.193root 11241100x80000000000000004029069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfa5a757160d1382021-12-22 12:46:58.193root 11241100x80000000000000004029070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b197167f4c299362021-12-22 12:46:58.193root 11241100x80000000000000004029071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a45955ebf7b1f12021-12-22 12:46:58.194root 11241100x80000000000000004029072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96bfc3d0d82d102021-12-22 12:46:58.194root 11241100x80000000000000004029073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7049677ad45445c02021-12-22 12:46:58.194root 11241100x80000000000000004029074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812545d5bbea0ffc2021-12-22 12:46:58.194root 11241100x80000000000000004029075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06a4ab8ffde65c02021-12-22 12:46:58.194root 11241100x80000000000000004029076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e0974d28dc9ad2021-12-22 12:46:58.194root 11241100x80000000000000004029077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7b99bcb915480f2021-12-22 12:46:58.194root 11241100x80000000000000004029078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e73fe8b493f7182021-12-22 12:46:58.194root 11241100x80000000000000004029079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888dc7e1ee94210b2021-12-22 12:46:58.194root 11241100x80000000000000004029080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821ac635242937f02021-12-22 12:46:58.194root 11241100x80000000000000004029081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41a635d6bffecd02021-12-22 12:46:58.194root 11241100x80000000000000004029082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fb78775aafc9c02021-12-22 12:46:58.194root 11241100x80000000000000004029083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1e0cd1738960102021-12-22 12:46:58.194root 11241100x80000000000000004029084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c8346f5fe694d22021-12-22 12:46:58.194root 11241100x80000000000000004029085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e72b4c165968a2021-12-22 12:46:58.195root 11241100x80000000000000004029086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc3435d26b8d97e2021-12-22 12:46:58.195root 11241100x80000000000000004029087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0122295ed9cb8e02021-12-22 12:46:58.195root 11241100x80000000000000004029088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671ced7a08cd8a972021-12-22 12:46:58.196root 11241100x80000000000000004029089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a06a720cfa044e92021-12-22 12:46:58.196root 11241100x80000000000000004029090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4276b5560410082021-12-22 12:46:58.693root 11241100x80000000000000004029091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa47419abf24e422021-12-22 12:46:58.693root 11241100x80000000000000004029092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec95d0dc4c7f8432021-12-22 12:46:58.693root 11241100x80000000000000004029093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbadaeccf26afc72021-12-22 12:46:58.693root 11241100x80000000000000004029094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7a85b244176d512021-12-22 12:46:58.694root 11241100x80000000000000004029095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035d58ee3e4bb4fc2021-12-22 12:46:58.694root 11241100x80000000000000004029096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c148e53f5a87212021-12-22 12:46:58.694root 11241100x80000000000000004029097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeebf41658d5cdb72021-12-22 12:46:58.694root 11241100x80000000000000004029098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc5a9c015519c3e2021-12-22 12:46:58.694root 11241100x80000000000000004029099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3462546355ff0d12021-12-22 12:46:58.695root 11241100x80000000000000004029100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638707191f0c8432021-12-22 12:46:58.695root 11241100x80000000000000004029101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771e22a21fae6f02021-12-22 12:46:58.695root 11241100x80000000000000004029102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c32136cee17fff2021-12-22 12:46:58.695root 11241100x80000000000000004029103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c00a9aca6d5bf302021-12-22 12:46:58.696root 11241100x80000000000000004029104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9054a6fd88f7c93e2021-12-22 12:46:58.696root 11241100x80000000000000004029105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8d5a0ecb9f0752021-12-22 12:46:58.696root 11241100x80000000000000004029106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6795874c7a1e16d42021-12-22 12:46:58.696root 11241100x80000000000000004029107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6eb0fcc77425512021-12-22 12:46:58.697root 11241100x80000000000000004029108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281f9095c77470f22021-12-22 12:46:58.697root 11241100x80000000000000004029109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3497898ea570d3c22021-12-22 12:46:58.697root 11241100x80000000000000004029110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c081a70594174962021-12-22 12:46:58.697root 11241100x80000000000000004029111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39831eaaa81ebd1f2021-12-22 12:46:58.697root 11241100x80000000000000004029112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5f3656409f78692021-12-22 12:46:58.697root 11241100x80000000000000004029113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df066e0d4c0c347a2021-12-22 12:46:58.697root 11241100x80000000000000004029114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f715007a4fe7c9f2021-12-22 12:46:59.193root 11241100x80000000000000004029115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb567ad50eddc01a2021-12-22 12:46:59.193root 11241100x80000000000000004029116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b9d831ef3ac9fc2021-12-22 12:46:59.193root 11241100x80000000000000004029117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bbace59b3700982021-12-22 12:46:59.193root 11241100x80000000000000004029118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba287dadbb49e0a2021-12-22 12:46:59.193root 11241100x80000000000000004029119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd1277f48010bee2021-12-22 12:46:59.193root 11241100x80000000000000004029120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada4f92df39870962021-12-22 12:46:59.193root 11241100x80000000000000004029121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbee4f8dda060ea2021-12-22 12:46:59.193root 11241100x80000000000000004029122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025dec438071d3e62021-12-22 12:46:59.193root 11241100x80000000000000004029123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14089a3fecba385d2021-12-22 12:46:59.193root 11241100x80000000000000004029124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf33b4ba038da422021-12-22 12:46:59.194root 11241100x80000000000000004029125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff406641e93b2a5f2021-12-22 12:46:59.194root 11241100x80000000000000004029126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fa856d0c6991e12021-12-22 12:46:59.194root 11241100x80000000000000004029127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13519237d64018142021-12-22 12:46:59.194root 11241100x80000000000000004029128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fe681d098b1a0c2021-12-22 12:46:59.194root 11241100x80000000000000004029129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed249f7a621b33e42021-12-22 12:46:59.194root 11241100x80000000000000004029130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad91c9aec6778c2021-12-22 12:46:59.194root 11241100x80000000000000004029131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa78a4d4aca7d3472021-12-22 12:46:59.194root 11241100x80000000000000004029132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc6ccf833d641e52021-12-22 12:46:59.194root 11241100x80000000000000004029133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fc1a4ab3d2f2892021-12-22 12:46:59.195root 11241100x80000000000000004029134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfaa20d6277097d2021-12-22 12:46:59.195root 11241100x80000000000000004029135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6444bab0ddc742021-12-22 12:46:59.195root 11241100x80000000000000004029136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa147e08bb96578a2021-12-22 12:46:59.195root 11241100x80000000000000004029137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54459ea44d8c3e5a2021-12-22 12:46:59.195root 11241100x80000000000000004029138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f520fc622576af82021-12-22 12:46:59.195root 11241100x80000000000000004029139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561ee2a710a467e82021-12-22 12:46:59.195root 11241100x80000000000000004029140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b28a20635326f62021-12-22 12:46:59.195root 11241100x80000000000000004029141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff1669a278b2192021-12-22 12:46:59.195root 11241100x80000000000000004029142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0456b0ae6dc18572021-12-22 12:46:59.195root 11241100x80000000000000004029143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a76a1cc68b2b6bd2021-12-22 12:46:59.196root 11241100x80000000000000004029144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fa8499a582da0f2021-12-22 12:46:59.196root 11241100x80000000000000004029145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bfb3fbfde625aa2021-12-22 12:46:59.196root 11241100x80000000000000004029146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1480877526a45aa22021-12-22 12:46:59.196root 11241100x80000000000000004029147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1e9abb3f652cce2021-12-22 12:46:59.196root 11241100x80000000000000004029148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a9d7e4cd27791a2021-12-22 12:46:59.196root 11241100x80000000000000004029149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bf2b0875b41fa52021-12-22 12:46:59.196root 11241100x80000000000000004029150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2651c9b4f32d316d2021-12-22 12:46:59.196root 11241100x80000000000000004029151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093aedfb88a99bb72021-12-22 12:46:59.693root 11241100x80000000000000004029152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21015133d079a2792021-12-22 12:46:59.693root 11241100x80000000000000004029153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e92d6f7cb36492021-12-22 12:46:59.693root 11241100x80000000000000004029154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f324b054144d78b2021-12-22 12:46:59.693root 11241100x80000000000000004029155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89af42e3531186492021-12-22 12:46:59.693root 11241100x80000000000000004029156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750a84ccaf2c61502021-12-22 12:46:59.693root 11241100x80000000000000004029157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6421d08cf24cd6992021-12-22 12:46:59.693root 11241100x80000000000000004029158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144faaf620fa1f32021-12-22 12:46:59.693root 11241100x80000000000000004029159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c1c17e26559b42021-12-22 12:46:59.693root 11241100x80000000000000004029160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea94e8d322787c9e2021-12-22 12:46:59.694root 11241100x80000000000000004029161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9acd8cdfb8a5422021-12-22 12:46:59.694root 11241100x80000000000000004029162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c1fdef33d7f192021-12-22 12:46:59.694root 11241100x80000000000000004029163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa9902e99163e02021-12-22 12:46:59.694root 11241100x80000000000000004029164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e83a9924a5ce152021-12-22 12:46:59.694root 11241100x80000000000000004029165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401af3127bae02912021-12-22 12:46:59.694root 11241100x80000000000000004029166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dda7e3053f996082021-12-22 12:46:59.694root 11241100x80000000000000004029167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f425d6dacbae32d2021-12-22 12:46:59.694root 11241100x80000000000000004029168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97df78165db15c32021-12-22 12:46:59.694root 11241100x80000000000000004029169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e435654fd0089962021-12-22 12:46:59.694root 11241100x80000000000000004029170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deb8626fc34668d2021-12-22 12:46:59.695root 11241100x80000000000000004029171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d428fc8183263e2021-12-22 12:46:59.695root 11241100x80000000000000004029172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a015df8e045bae2021-12-22 12:46:59.695root 11241100x80000000000000004029173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b049e3f5beacd2021-12-22 12:47:00.193root 11241100x80000000000000004029174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d16792576e3d12021-12-22 12:47:00.193root 11241100x80000000000000004029175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94f8923d5a9661d2021-12-22 12:47:00.194root 11241100x80000000000000004029176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b143be9039b662021-12-22 12:47:00.194root 11241100x80000000000000004029177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0de94bd61aae3ef2021-12-22 12:47:00.194root 11241100x80000000000000004029178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c831e0e8b541ac2021-12-22 12:47:00.194root 11241100x80000000000000004029179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc07f21066b5f3602021-12-22 12:47:00.194root 11241100x80000000000000004029180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb5b876d9bbcb22021-12-22 12:47:00.194root 11241100x80000000000000004029181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b4969a7ac001d72021-12-22 12:47:00.194root 11241100x80000000000000004029182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e1551236576cd2021-12-22 12:47:00.194root 11241100x80000000000000004029183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb50f76d98f38bbe2021-12-22 12:47:00.194root 11241100x80000000000000004029184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b200bad5d64bb0002021-12-22 12:47:00.194root 11241100x80000000000000004029185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6424f9aa58e5f982021-12-22 12:47:00.194root 11241100x80000000000000004029186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cde450cb5182dfc2021-12-22 12:47:00.195root 11241100x80000000000000004029187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34216fc8474d41b32021-12-22 12:47:00.195root 11241100x80000000000000004029188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a5d08773691bd2021-12-22 12:47:00.195root 11241100x80000000000000004029189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bd0d3845f4fefc2021-12-22 12:47:00.195root 11241100x80000000000000004029190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd695ce338464a962021-12-22 12:47:00.195root 11241100x80000000000000004029191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884f823d002e8092021-12-22 12:47:00.195root 11241100x80000000000000004029192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5428e9a4da01d3fa2021-12-22 12:47:00.195root 11241100x80000000000000004029193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef8537d3c42e1e2021-12-22 12:47:00.195root 11241100x80000000000000004029194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de9c1e1263fc6b2021-12-22 12:47:00.196root 11241100x80000000000000004029195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20b4af151daa4a2021-12-22 12:47:00.693root 11241100x80000000000000004029196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afba21d407b6e442021-12-22 12:47:00.693root 11241100x80000000000000004029197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13241f2bdfab7bb22021-12-22 12:47:00.693root 11241100x80000000000000004029198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84b2d4314ede4892021-12-22 12:47:00.693root 11241100x80000000000000004029199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25dc4bf809192b12021-12-22 12:47:00.693root 11241100x80000000000000004029200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245a7711e1aadb1d2021-12-22 12:47:00.693root 11241100x80000000000000004029201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a042b708de50242021-12-22 12:47:00.693root 11241100x80000000000000004029202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5823252517d269e92021-12-22 12:47:00.693root 11241100x80000000000000004029203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6276ad05b82ad82021-12-22 12:47:00.693root 11241100x80000000000000004029204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b53b1e6176d5062021-12-22 12:47:00.693root 11241100x80000000000000004029205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beeb4750258ed002021-12-22 12:47:00.693root 11241100x80000000000000004029206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97743aa017a1894b2021-12-22 12:47:00.694root 11241100x80000000000000004029207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7bb029dcac59142021-12-22 12:47:00.694root 11241100x80000000000000004029208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fede6f89cf4ea6c2021-12-22 12:47:00.694root 11241100x80000000000000004029209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922bca84fd955aaa2021-12-22 12:47:00.694root 11241100x80000000000000004029210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5fcf6053ee16a82021-12-22 12:47:00.694root 11241100x80000000000000004029211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7542248c717eff522021-12-22 12:47:00.694root 11241100x80000000000000004029212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab661e5eee7212292021-12-22 12:47:00.694root 11241100x80000000000000004029213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d4b0bef42c93162021-12-22 12:47:00.694root 11241100x80000000000000004029214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff579752e90c6f322021-12-22 12:47:00.694root 11241100x80000000000000004029215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512d7737087499402021-12-22 12:47:00.694root 11241100x80000000000000004029216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f558bb66ff03d332021-12-22 12:47:00.695root 354300x80000000000000004029217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.107{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56900-false10.0.1.12-8000- 11241100x80000000000000004029218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c401ad7ccfbe47fe2021-12-22 12:47:01.108root 11241100x80000000000000004029219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b75c4911f54382021-12-22 12:47:01.108root 11241100x80000000000000004029220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1faf7ffb7d681212021-12-22 12:47:01.108root 11241100x80000000000000004029221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f346cade36fd6c02021-12-22 12:47:01.109root 11241100x80000000000000004029222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00186876b4c52f42021-12-22 12:47:01.109root 11241100x80000000000000004029223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35be68b84b9d4232021-12-22 12:47:01.109root 11241100x80000000000000004029224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e02a87b12846a2021-12-22 12:47:01.109root 11241100x80000000000000004029225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9eb553de0cee92021-12-22 12:47:01.109root 11241100x80000000000000004029226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131fd55c8f0b139e2021-12-22 12:47:01.109root 11241100x80000000000000004029227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9055090842f346422021-12-22 12:47:01.109root 11241100x80000000000000004029228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26077bd427f07ec92021-12-22 12:47:01.109root 11241100x80000000000000004029229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a54c8e5e3fe842021-12-22 12:47:01.109root 11241100x80000000000000004029230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c451c63c9b172dd22021-12-22 12:47:01.109root 11241100x80000000000000004029231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ab853523597e72021-12-22 12:47:01.109root 11241100x80000000000000004029232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691627a447d3b69a2021-12-22 12:47:01.109root 11241100x80000000000000004029233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec079fee3f866022021-12-22 12:47:01.110root 11241100x80000000000000004029234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b87c508468926e2021-12-22 12:47:01.110root 11241100x80000000000000004029235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c6dcd70a11d0c22021-12-22 12:47:01.110root 11241100x80000000000000004029236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c0e8aa23341fad2021-12-22 12:47:01.110root 11241100x80000000000000004029237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586b8e1157f9be22021-12-22 12:47:01.110root 11241100x80000000000000004029238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb6bfa64d9720a2021-12-22 12:47:01.110root 11241100x80000000000000004029239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5002ae5d105a042021-12-22 12:47:01.110root 11241100x80000000000000004029240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f306029e737ee92021-12-22 12:47:01.111root 11241100x80000000000000004029241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96601d83fb63f66a2021-12-22 12:47:01.443root 11241100x80000000000000004029242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c765a3c4bde24c2021-12-22 12:47:01.443root 11241100x80000000000000004029243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0625f4135ad4e7862021-12-22 12:47:01.444root 11241100x80000000000000004029244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1241908148c1f6542021-12-22 12:47:01.444root 11241100x80000000000000004029245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b5b612c51f32c2021-12-22 12:47:01.444root 11241100x80000000000000004029246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fcdf6fae2735f92021-12-22 12:47:01.444root 11241100x80000000000000004029247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a6faa7d9cfcaf2021-12-22 12:47:01.444root 11241100x80000000000000004029248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eff98ef679d3892021-12-22 12:47:01.444root 11241100x80000000000000004029249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679a1ff38bf6fbd22021-12-22 12:47:01.444root 11241100x80000000000000004029250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab2f186f7fbd5c2021-12-22 12:47:01.444root 11241100x80000000000000004029251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6170e62ec1371fe52021-12-22 12:47:01.444root 11241100x80000000000000004029252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6f4376982e9f612021-12-22 12:47:01.444root 11241100x80000000000000004029253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f561e0555a94f2c12021-12-22 12:47:01.445root 11241100x80000000000000004029254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba642ed8fd787e5a2021-12-22 12:47:01.445root 11241100x80000000000000004029255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d205b1c5745857332021-12-22 12:47:01.445root 11241100x80000000000000004029256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad39e2e5e6a4d442021-12-22 12:47:01.445root 11241100x80000000000000004029257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0364f80fde1bda542021-12-22 12:47:01.445root 11241100x80000000000000004029258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1bf51b8b8f83db2021-12-22 12:47:01.445root 11241100x80000000000000004029259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee90863317f2b4602021-12-22 12:47:01.445root 11241100x80000000000000004029260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2cf6d99427d5bd2021-12-22 12:47:01.445root 11241100x80000000000000004029261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351195b4130f0592021-12-22 12:47:01.445root 11241100x80000000000000004029262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a83fb66eb24e8a2021-12-22 12:47:01.445root 11241100x80000000000000004029263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e1500b646adab42021-12-22 12:47:01.446root 11241100x80000000000000004029264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc00af757295b4c02021-12-22 12:47:01.943root 11241100x80000000000000004029265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff85850827d1662021-12-22 12:47:01.943root 11241100x80000000000000004029266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd0f6d73cb8b5722021-12-22 12:47:01.943root 11241100x80000000000000004029267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14a66feac8331ef2021-12-22 12:47:01.944root 11241100x80000000000000004029268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce5f4046f2c89f42021-12-22 12:47:01.944root 11241100x80000000000000004029269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e674e29cb230f2022021-12-22 12:47:01.944root 11241100x80000000000000004029270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1970fa5c5d6c62021-12-22 12:47:01.944root 11241100x80000000000000004029271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdab2230e1b13cfa2021-12-22 12:47:01.944root 11241100x80000000000000004029272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff842c51764e95ff2021-12-22 12:47:01.944root 11241100x80000000000000004029273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f0d3ae65393562021-12-22 12:47:01.944root 11241100x80000000000000004029274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17eb21f51a0702932021-12-22 12:47:01.944root 11241100x80000000000000004029275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322c60ee791c52a32021-12-22 12:47:01.944root 11241100x80000000000000004029276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16964cc96a1882642021-12-22 12:47:01.945root 11241100x80000000000000004029277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c66a4433f73edda2021-12-22 12:47:01.945root 11241100x80000000000000004029278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dff2dfbc902a11b2021-12-22 12:47:01.945root 11241100x80000000000000004029279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacd063527f6e51a2021-12-22 12:47:01.945root 11241100x80000000000000004029280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6fe2818268f8f2021-12-22 12:47:01.945root 11241100x80000000000000004029281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99213dc5ba91bbd12021-12-22 12:47:01.945root 11241100x80000000000000004029282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4be550cd5c18c42021-12-22 12:47:01.945root 11241100x80000000000000004029283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fc70fdf9e13db52021-12-22 12:47:01.945root 11241100x80000000000000004029284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d95f500dfdb9612021-12-22 12:47:01.945root 11241100x80000000000000004029285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863690c3ddcca3822021-12-22 12:47:01.946root 11241100x80000000000000004029286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c703d7f58f772d2021-12-22 12:47:01.946root 11241100x80000000000000004029287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812a09c9be511e22021-12-22 12:47:02.443root 11241100x80000000000000004029288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b32aba4bda741f02021-12-22 12:47:02.443root 11241100x80000000000000004029289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ba42cecc6f402a2021-12-22 12:47:02.443root 11241100x80000000000000004029290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea3f8895a5614632021-12-22 12:47:02.444root 11241100x80000000000000004029291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416ee21082ef7a92021-12-22 12:47:02.444root 11241100x80000000000000004029292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cdacee706757712021-12-22 12:47:02.444root 11241100x80000000000000004029293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b070a829d39887f2021-12-22 12:47:02.444root 11241100x80000000000000004029294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9498a1554ec4f2021-12-22 12:47:02.445root 11241100x80000000000000004029295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0389c8c7202b08e02021-12-22 12:47:02.445root 11241100x80000000000000004029296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c0f3aec87fdc142021-12-22 12:47:02.445root 11241100x80000000000000004029297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e86f72f0b108072021-12-22 12:47:02.445root 11241100x80000000000000004029298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8630e9e5c9e33532021-12-22 12:47:02.445root 11241100x80000000000000004029299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a96cfeec17bfada2021-12-22 12:47:02.445root 11241100x80000000000000004029300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0916ed6361614b062021-12-22 12:47:02.445root 11241100x80000000000000004029301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838006996b1115842021-12-22 12:47:02.445root 11241100x80000000000000004029302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b04f0c0de395a2021-12-22 12:47:02.445root 11241100x80000000000000004029303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f14e78d89d25652021-12-22 12:47:02.445root 11241100x80000000000000004029304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aad49185d2d4d52021-12-22 12:47:02.446root 11241100x80000000000000004029305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f411651c1ea8c2021-12-22 12:47:02.446root 11241100x80000000000000004029306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b21ce66f1d067c2021-12-22 12:47:02.446root 11241100x80000000000000004029307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546d5ec77a57bfbe2021-12-22 12:47:02.446root 11241100x80000000000000004029308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d61432645d916162021-12-22 12:47:02.446root 11241100x80000000000000004029309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e447feb1d85691472021-12-22 12:47:02.446root 11241100x80000000000000004029310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2782e82df80f17942021-12-22 12:47:02.943root 11241100x80000000000000004029311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6b85659b7aa8a22021-12-22 12:47:02.943root 11241100x80000000000000004029312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabba6eb9de5cd9d2021-12-22 12:47:02.943root 11241100x80000000000000004029313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18588e3005830f532021-12-22 12:47:02.943root 11241100x80000000000000004029314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e610b96b1a634aa2021-12-22 12:47:02.943root 11241100x80000000000000004029315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3adcba0f0f86242021-12-22 12:47:02.943root 11241100x80000000000000004029316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f15cad9cf536802021-12-22 12:47:02.943root 11241100x80000000000000004029317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a324b807bd2a49a2021-12-22 12:47:02.943root 11241100x80000000000000004029318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2a790887780ed42021-12-22 12:47:02.943root 11241100x80000000000000004029319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e5a80d031173082021-12-22 12:47:02.943root 11241100x80000000000000004029320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa07c798df8b39dc2021-12-22 12:47:02.944root 11241100x80000000000000004029321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a81c1357b517e2021-12-22 12:47:02.944root 11241100x80000000000000004029322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0f00188c4f45322021-12-22 12:47:02.944root 11241100x80000000000000004029323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5b7fe1a54598d52021-12-22 12:47:02.944root 11241100x80000000000000004029324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbe8b0c9b1637de2021-12-22 12:47:02.944root 11241100x80000000000000004029325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8696d2991e63392021-12-22 12:47:02.944root 11241100x80000000000000004029326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b053b3e27d13592021-12-22 12:47:02.944root 11241100x80000000000000004029327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefbb19d7ec8d6c22021-12-22 12:47:02.944root 11241100x80000000000000004029328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2adb60b6c0b24d2021-12-22 12:47:02.944root 11241100x80000000000000004029329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdf149c532a17132021-12-22 12:47:02.944root 11241100x80000000000000004029330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec68071796ef30d2021-12-22 12:47:02.945root 11241100x80000000000000004029331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50acdc447ccbf1e2021-12-22 12:47:02.945root 11241100x80000000000000004029332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1124a3d6c533442021-12-22 12:47:02.945root 11241100x80000000000000004029333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.123{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:47:03.123root 11241100x80000000000000004029334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce124c4ccb301d972021-12-22 12:47:03.443root 11241100x80000000000000004029335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a3c4bbc0e81e2b2021-12-22 12:47:03.443root 11241100x80000000000000004029336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d9d165817f1de12021-12-22 12:47:03.443root 11241100x80000000000000004029337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e30d6aa8b85e712021-12-22 12:47:03.444root 11241100x80000000000000004029338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ffa19447065212021-12-22 12:47:03.444root 11241100x80000000000000004029339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb974153aecda0642021-12-22 12:47:03.444root 11241100x80000000000000004029340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aca622fe55edef2021-12-22 12:47:03.444root 11241100x80000000000000004029341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1ce25dfa1615f2021-12-22 12:47:03.444root 11241100x80000000000000004029342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c8308433c7b0b42021-12-22 12:47:03.444root 11241100x80000000000000004029343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc2dd42ef1b58f2021-12-22 12:47:03.444root 11241100x80000000000000004029344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61907c9ac87ba1ad2021-12-22 12:47:03.444root 11241100x80000000000000004029345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9ce8425f9b3c9c2021-12-22 12:47:03.444root 11241100x80000000000000004029346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac7a2934d4626ec2021-12-22 12:47:03.444root 11241100x80000000000000004029347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649263f15b2a76a02021-12-22 12:47:03.445root 11241100x80000000000000004029348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667463638b719ae2021-12-22 12:47:03.445root 11241100x80000000000000004029349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae967fec183b0df22021-12-22 12:47:03.445root 11241100x80000000000000004029350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b74f0b99308f22021-12-22 12:47:03.445root 11241100x80000000000000004029351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bb4f0c282699732021-12-22 12:47:03.445root 11241100x80000000000000004029352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ebd913bcb407b2021-12-22 12:47:03.445root 11241100x80000000000000004029353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a54ecbad611d9212021-12-22 12:47:03.445root 11241100x80000000000000004029354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948ac277ec75b18f2021-12-22 12:47:03.445root 11241100x80000000000000004029355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38db32ea54b5b5162021-12-22 12:47:03.445root 11241100x80000000000000004029356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae4a546ef1ddf52021-12-22 12:47:03.445root 11241100x80000000000000004029357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f1995ecce9a6952021-12-22 12:47:03.446root 11241100x80000000000000004029358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b441e7f0bb905102021-12-22 12:47:03.943root 11241100x80000000000000004029359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95afebf8f6940cf2021-12-22 12:47:03.944root 11241100x80000000000000004029360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f31d4f9b2787452021-12-22 12:47:03.944root 11241100x80000000000000004029361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376da16001db6df72021-12-22 12:47:03.944root 11241100x80000000000000004029362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb0a6373c364fa32021-12-22 12:47:03.944root 11241100x80000000000000004029363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba724c0c4b1ec42021-12-22 12:47:03.944root 11241100x80000000000000004029364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fdb81c8a6816a92021-12-22 12:47:03.945root 11241100x80000000000000004029365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae497fbcec0a8a52021-12-22 12:47:03.945root 11241100x80000000000000004029366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8c5820583ec332021-12-22 12:47:03.945root 11241100x80000000000000004029367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a54200fd559d512021-12-22 12:47:03.945root 11241100x80000000000000004029368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4792f72a571c9912021-12-22 12:47:03.945root 11241100x80000000000000004029369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ced28db728bb5c2021-12-22 12:47:03.945root 11241100x80000000000000004029370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c98ec6ac7d4412021-12-22 12:47:03.945root 11241100x80000000000000004029371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5402dbc2dc0b1a7f2021-12-22 12:47:03.946root 11241100x80000000000000004029372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d7fec509e777c2021-12-22 12:47:03.946root 11241100x80000000000000004029373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b050255558a3ddc2021-12-22 12:47:03.946root 11241100x80000000000000004029374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c400aee82cbb8e312021-12-22 12:47:03.946root 11241100x80000000000000004029375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b4d3949c43af572021-12-22 12:47:03.946root 11241100x80000000000000004029376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aefb1f06eaba50b2021-12-22 12:47:03.946root 11241100x80000000000000004029377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c35287f361f74c2021-12-22 12:47:03.947root 11241100x80000000000000004029378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b42b0aeb15de1bb2021-12-22 12:47:03.947root 11241100x80000000000000004029379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890b08b148780082021-12-22 12:47:03.947root 11241100x80000000000000004029380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d949c5843b3fc72021-12-22 12:47:03.947root 11241100x80000000000000004029381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b55d116be1f7352021-12-22 12:47:03.947root 11241100x80000000000000004029382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492a7251a2abf4502021-12-22 12:47:04.443root 11241100x80000000000000004029383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbb2eda615979cb2021-12-22 12:47:04.444root 11241100x80000000000000004029384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b456faeb49e1a072021-12-22 12:47:04.444root 11241100x80000000000000004029385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efdbdc78f4679e12021-12-22 12:47:04.444root 11241100x80000000000000004029386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb860b9a0d87d7cd2021-12-22 12:47:04.444root 11241100x80000000000000004029387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f63f18ac963f22021-12-22 12:47:04.444root 11241100x80000000000000004029388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de032417f72f62d2021-12-22 12:47:04.445root 11241100x80000000000000004029389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a874e63949dfa8bc2021-12-22 12:47:04.445root 11241100x80000000000000004029390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0a317e32631c132021-12-22 12:47:04.445root 11241100x80000000000000004029391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a527aa49e34832021-12-22 12:47:04.445root 11241100x80000000000000004029392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70898e14f6ef6652021-12-22 12:47:04.445root 11241100x80000000000000004029393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8f5665e5a79f082021-12-22 12:47:04.446root 11241100x80000000000000004029394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26885223938a4ffb2021-12-22 12:47:04.446root 11241100x80000000000000004029395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bd1a3303c5262c2021-12-22 12:47:04.446root 11241100x80000000000000004029396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8a83793950d9002021-12-22 12:47:04.446root 11241100x80000000000000004029397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3008defba9af9572021-12-22 12:47:04.447root 11241100x80000000000000004029398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbd80cbb69724462021-12-22 12:47:04.447root 11241100x80000000000000004029399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3fda230cee683d2021-12-22 12:47:04.447root 11241100x80000000000000004029400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048ef71792684d0e2021-12-22 12:47:04.448root 11241100x80000000000000004029401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc764cf4ad6f49902021-12-22 12:47:04.449root 11241100x80000000000000004029402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cbca61a85b1f062021-12-22 12:47:04.449root 11241100x80000000000000004029403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a94bc23011e0fd2021-12-22 12:47:04.450root 11241100x80000000000000004029404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80df774d33a17b72021-12-22 12:47:04.451root 11241100x80000000000000004029405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07952cbae3df63a62021-12-22 12:47:04.451root 11241100x80000000000000004029406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c382dbf29df5bc92021-12-22 12:47:04.943root 11241100x80000000000000004029407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc32f0772fa2c6b2021-12-22 12:47:04.944root 11241100x80000000000000004029408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416147b67685fe3e2021-12-22 12:47:04.944root 11241100x80000000000000004029409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e1261a8cefdc792021-12-22 12:47:04.944root 11241100x80000000000000004029410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8567574a7980a4b2021-12-22 12:47:04.944root 11241100x80000000000000004029411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df1da7303e8c0372021-12-22 12:47:04.944root 11241100x80000000000000004029412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c63dc81781d472021-12-22 12:47:04.944root 11241100x80000000000000004029413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c630b416c0e8209a2021-12-22 12:47:04.945root 11241100x80000000000000004029414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d79d98147da8902021-12-22 12:47:04.945root 11241100x80000000000000004029415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729cf2f1208b45c2021-12-22 12:47:04.945root 11241100x80000000000000004029416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af87f03b5ad7b9d2021-12-22 12:47:04.945root 11241100x80000000000000004029417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cee51928e1d5892021-12-22 12:47:04.945root 11241100x80000000000000004029418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c304200e1eecfe72021-12-22 12:47:04.946root 11241100x80000000000000004029419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280f064297f5ab652021-12-22 12:47:04.946root 11241100x80000000000000004029420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5407a8315a97bb92021-12-22 12:47:04.946root 11241100x80000000000000004029421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e07f4699e23f262021-12-22 12:47:04.946root 11241100x80000000000000004029422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695eea7e8036eaac2021-12-22 12:47:04.946root 11241100x80000000000000004029423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c60da6e4eb4b7a2021-12-22 12:47:04.947root 11241100x80000000000000004029424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c6d6e5615e1f182021-12-22 12:47:04.947root 11241100x80000000000000004029425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57667887f408f90a2021-12-22 12:47:04.947root 11241100x80000000000000004029426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02565c9d09b10e822021-12-22 12:47:04.948root 11241100x80000000000000004029427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9eaaa4a301c7362021-12-22 12:47:04.948root 11241100x80000000000000004029428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963deaf5cc03e1c92021-12-22 12:47:04.948root 11241100x80000000000000004029429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be6c24a936c97d52021-12-22 12:47:04.949root 11241100x80000000000000004029430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae6d875c031c5892021-12-22 12:47:05.443root 11241100x80000000000000004029431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb1a634071d3842021-12-22 12:47:05.443root 11241100x80000000000000004029432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c24ccba82116d2021-12-22 12:47:05.444root 11241100x80000000000000004029433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0df04d8b7afeb2021-12-22 12:47:05.444root 11241100x80000000000000004029434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a3fa26f8872862021-12-22 12:47:05.445root 11241100x80000000000000004029435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b55034236168c2021-12-22 12:47:05.445root 11241100x80000000000000004029436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a6d0ec05479442021-12-22 12:47:05.445root 11241100x80000000000000004029437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966d683aab9f4202021-12-22 12:47:05.445root 11241100x80000000000000004029438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b395e2a4b0a05f162021-12-22 12:47:05.445root 11241100x80000000000000004029439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971bd776470798212021-12-22 12:47:05.445root 11241100x80000000000000004029440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e833274478032da2021-12-22 12:47:05.446root 11241100x80000000000000004029441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfd2b298cd004222021-12-22 12:47:05.446root 11241100x80000000000000004029442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af36ffa3471f30412021-12-22 12:47:05.446root 11241100x80000000000000004029443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0346605c873deb292021-12-22 12:47:05.446root 11241100x80000000000000004029444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893538ab2e6de4f12021-12-22 12:47:05.446root 11241100x80000000000000004029445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ff3206abc0f3d2021-12-22 12:47:05.446root 11241100x80000000000000004029446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473dbc565873b612021-12-22 12:47:05.446root 11241100x80000000000000004029447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dd785f6a4d89a42021-12-22 12:47:05.446root 11241100x80000000000000004029448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94252b772eefbf822021-12-22 12:47:05.446root 11241100x80000000000000004029449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba433f6cbeee7a2021-12-22 12:47:05.446root 11241100x80000000000000004029450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5a7654d9f6a95c2021-12-22 12:47:05.446root 11241100x80000000000000004029451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1335390925892cd92021-12-22 12:47:05.446root 11241100x80000000000000004029452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5934a0aeed67a4492021-12-22 12:47:05.446root 11241100x80000000000000004029453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843e005e170c02af2021-12-22 12:47:05.446root 11241100x80000000000000004029454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea79342de89e3cd2021-12-22 12:47:05.943root 11241100x80000000000000004029455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ce256e80345f252021-12-22 12:47:05.943root 11241100x80000000000000004029456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b98cba124f59d02021-12-22 12:47:05.943root 11241100x80000000000000004029457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f1c8a1779b6052021-12-22 12:47:05.943root 11241100x80000000000000004029458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c4c98a84ac3c552021-12-22 12:47:05.943root 11241100x80000000000000004029459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac8e2808dc13f52021-12-22 12:47:05.944root 11241100x80000000000000004029460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3296eb731d9bedf92021-12-22 12:47:05.944root 11241100x80000000000000004029461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0401dd64094a1c112021-12-22 12:47:05.944root 11241100x80000000000000004029462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8088dc57d977ad72021-12-22 12:47:05.944root 11241100x80000000000000004029463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a61b8a1d5f26bea2021-12-22 12:47:05.944root 11241100x80000000000000004029464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75058ce199486dbf2021-12-22 12:47:05.944root 11241100x80000000000000004029465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4a2354831ce52a2021-12-22 12:47:05.944root 11241100x80000000000000004029466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5d2d1d8ddbcae2021-12-22 12:47:05.944root 11241100x80000000000000004029467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7cafb9b3cf7ae12021-12-22 12:47:05.945root 11241100x80000000000000004029468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eb0b7cf44f31a52021-12-22 12:47:05.945root 11241100x80000000000000004029469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bcea2cabad55022021-12-22 12:47:05.945root 11241100x80000000000000004029470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2463461e9b13912021-12-22 12:47:05.945root 11241100x80000000000000004029471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39342f7234876e0d2021-12-22 12:47:05.945root 11241100x80000000000000004029472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf7ca919e576402021-12-22 12:47:05.946root 11241100x80000000000000004029473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa1ec94f853c49d2021-12-22 12:47:05.946root 11241100x80000000000000004029474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb5118d9c4338da2021-12-22 12:47:05.946root 11241100x80000000000000004029475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1743b79ef7b4c96c2021-12-22 12:47:05.946root 11241100x80000000000000004029476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2045cc5ab52087042021-12-22 12:47:05.947root 11241100x80000000000000004029477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55473e019966ec12021-12-22 12:47:05.947root 11241100x80000000000000004029478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddde5875c787a33b2021-12-22 12:47:05.947root 11241100x80000000000000004029479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afee99d79332b7d42021-12-22 12:47:05.947root 11241100x80000000000000004029480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8abb4a01a33bbb52021-12-22 12:47:05.948root 11241100x80000000000000004029481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f9fb9192de58b42021-12-22 12:47:05.948root 23542300x80000000000000004029482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.040{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004029483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b88a5e7feb9b172021-12-22 12:47:06.443root 11241100x80000000000000004029484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5803b103353c0f222021-12-22 12:47:06.443root 11241100x80000000000000004029485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7d43268f42ded52021-12-22 12:47:06.443root 11241100x80000000000000004029486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6554d7b8a0c957542021-12-22 12:47:06.443root 11241100x80000000000000004029487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bfd7f45076c6782021-12-22 12:47:06.443root 11241100x80000000000000004029488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a444a07715cbb4b22021-12-22 12:47:06.443root 11241100x80000000000000004029489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae789c60611bfc2021-12-22 12:47:06.443root 11241100x80000000000000004029490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0a334a10ac28cb2021-12-22 12:47:06.444root 11241100x80000000000000004029491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96a675ab9e16f52021-12-22 12:47:06.444root 11241100x80000000000000004029492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2ab625021415892021-12-22 12:47:06.444root 11241100x80000000000000004029493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58ae0aa7906dc52021-12-22 12:47:06.444root 11241100x80000000000000004029494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e2906707295852021-12-22 12:47:06.444root 11241100x80000000000000004029495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f28c919ca610d2021-12-22 12:47:06.444root 11241100x80000000000000004029496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33ecac11c2a3f692021-12-22 12:47:06.444root 11241100x80000000000000004029497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1911a6e4e631e12b2021-12-22 12:47:06.444root 11241100x80000000000000004029498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc07e8c1cce5da182021-12-22 12:47:06.444root 11241100x80000000000000004029499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038c36e2f364188a2021-12-22 12:47:06.444root 11241100x80000000000000004029500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ea7653ed7e82c2021-12-22 12:47:06.445root 11241100x80000000000000004029501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb6a542e8a4318f2021-12-22 12:47:06.445root 11241100x80000000000000004029502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a526d944702c6c12021-12-22 12:47:06.445root 11241100x80000000000000004029503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8672e44ed747cd2021-12-22 12:47:06.445root 11241100x80000000000000004029504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421f070f005d6be02021-12-22 12:47:06.445root 11241100x80000000000000004029505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a7674caf305b2a2021-12-22 12:47:06.445root 11241100x80000000000000004029506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6404df93e072a2021-12-22 12:47:06.445root 11241100x80000000000000004029507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ac682927d59dd32021-12-22 12:47:06.445root 11241100x80000000000000004029508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0a3dba05f8ec3e2021-12-22 12:47:06.445root 11241100x80000000000000004029509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40492aa7d69653522021-12-22 12:47:06.943root 11241100x80000000000000004029510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61a8890a5033d42021-12-22 12:47:06.943root 11241100x80000000000000004029511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167981b56982ac212021-12-22 12:47:06.943root 11241100x80000000000000004029512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66cb66107ff0df22021-12-22 12:47:06.943root 11241100x80000000000000004029513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2caf83a2d755d2021-12-22 12:47:06.944root 11241100x80000000000000004029514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d94ff5655b06bb02021-12-22 12:47:06.944root 11241100x80000000000000004029515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6991c4c5ca434142021-12-22 12:47:06.944root 11241100x80000000000000004029516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa8339a1044e1802021-12-22 12:47:06.944root 11241100x80000000000000004029517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661c8307faed26f62021-12-22 12:47:06.944root 11241100x80000000000000004029518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f86d5baf8e60d82021-12-22 12:47:06.944root 11241100x80000000000000004029519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb24ae05e6a594e2021-12-22 12:47:06.944root 11241100x80000000000000004029520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcc34a72b2a5a9a2021-12-22 12:47:06.944root 11241100x80000000000000004029521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a97bb9b44a87aa2021-12-22 12:47:06.944root 11241100x80000000000000004029522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5478a2b711cff3a12021-12-22 12:47:06.944root 11241100x80000000000000004029523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07197618ff8654e52021-12-22 12:47:06.944root 11241100x80000000000000004029524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0c5fbf987cfdc12021-12-22 12:47:06.944root 11241100x80000000000000004029525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d86971b120665a2021-12-22 12:47:06.944root 11241100x80000000000000004029526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb05b151c03331b92021-12-22 12:47:06.944root 11241100x80000000000000004029527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8ecbdc04cc36c82021-12-22 12:47:06.945root 11241100x80000000000000004029528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48f75387873e0bd2021-12-22 12:47:06.945root 11241100x80000000000000004029529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0eaa80a58081e2021-12-22 12:47:06.945root 11241100x80000000000000004029530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a0cc1d72b0dec12021-12-22 12:47:06.945root 11241100x80000000000000004029531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba8116af7e21e282021-12-22 12:47:06.945root 11241100x80000000000000004029532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924f2c5aac88007a2021-12-22 12:47:06.945root 11241100x80000000000000004029533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e98702cb84604c42021-12-22 12:47:06.945root 354300x80000000000000004029534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56902-false10.0.1.12-8000- 11241100x80000000000000004029535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f913febdaf03ae82021-12-22 12:47:07.443root 11241100x80000000000000004029536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1ecd20dfec41f82021-12-22 12:47:07.443root 11241100x80000000000000004029537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afbf2d240cc5fa02021-12-22 12:47:07.443root 11241100x80000000000000004029538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb2fc9794a23012021-12-22 12:47:07.443root 11241100x80000000000000004029539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c3830ef62e15542021-12-22 12:47:07.444root 11241100x80000000000000004029540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7021adb2b342e62021-12-22 12:47:07.444root 11241100x80000000000000004029541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13c4c2b0a23e1842021-12-22 12:47:07.444root 11241100x80000000000000004029542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69465786e92492e12021-12-22 12:47:07.444root 11241100x80000000000000004029543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff7b90c1e960a542021-12-22 12:47:07.445root 11241100x80000000000000004029544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ce08fbed4296e2021-12-22 12:47:07.445root 11241100x80000000000000004029545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f022506c62b242021-12-22 12:47:07.445root 11241100x80000000000000004029546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e55f0cd4ee5c65d2021-12-22 12:47:07.445root 11241100x80000000000000004029547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c37e3ef563e65342021-12-22 12:47:07.445root 11241100x80000000000000004029548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b7b485bb323392021-12-22 12:47:07.445root 11241100x80000000000000004029549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfcfbcad857d7642021-12-22 12:47:07.445root 11241100x80000000000000004029550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f210277c5c3d18b12021-12-22 12:47:07.446root 11241100x80000000000000004029551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f6f1c3483d0aea2021-12-22 12:47:07.446root 11241100x80000000000000004029552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b257bda107f7162021-12-22 12:47:07.446root 11241100x80000000000000004029553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98664d0c41398682021-12-22 12:47:07.446root 11241100x80000000000000004029554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52cdda0df65ecf22021-12-22 12:47:07.446root 11241100x80000000000000004029555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0713005ad7619c2021-12-22 12:47:07.446root 11241100x80000000000000004029556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cff359687f5c912021-12-22 12:47:07.447root 11241100x80000000000000004029557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9407415f95b94a2021-12-22 12:47:07.447root 11241100x80000000000000004029558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff1220dade7a1ed2021-12-22 12:47:07.447root 11241100x80000000000000004029559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca32b2aaaf345062021-12-22 12:47:07.447root 11241100x80000000000000004029560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03901fb3c6643c682021-12-22 12:47:07.447root 11241100x80000000000000004029561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd47e45a9dcaee632021-12-22 12:47:07.448root 11241100x80000000000000004029562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb738c66769a71e52021-12-22 12:47:07.448root 11241100x80000000000000004029563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820cc0934d0ab1a72021-12-22 12:47:07.448root 11241100x80000000000000004029564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ba44cde57fe6c2021-12-22 12:47:07.448root 11241100x80000000000000004029565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a630ae72dabc6872021-12-22 12:47:07.448root 11241100x80000000000000004029566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df8f64fce0ac9672021-12-22 12:47:07.448root 11241100x80000000000000004029567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d50143f1facb692021-12-22 12:47:07.449root 11241100x80000000000000004029568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022c7a2a626d0da92021-12-22 12:47:07.449root 11241100x80000000000000004029569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac7af225cff50a2021-12-22 12:47:07.449root 11241100x80000000000000004029570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0894260eb7be21582021-12-22 12:47:07.449root 154100x80000000000000004029571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.914{ec2b6afe-1e4b-61c3-e8e6-93b77e550000}22738/bin/ls-----ls --color=auto -l/ubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004029572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.916{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f177da4457ef672021-12-22 12:47:07.916root 11241100x80000000000000004029573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.916{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866028a236f5cdcc2021-12-22 12:47:07.916root 11241100x80000000000000004029574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.916{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f04d4c52042642021-12-22 12:47:07.916root 11241100x80000000000000004029575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fb1d3a8d6b6f52021-12-22 12:47:07.917root 11241100x80000000000000004029576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaf542129458f2d2021-12-22 12:47:07.917root 11241100x80000000000000004029577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fdd21afbdc3d972021-12-22 12:47:07.917root 11241100x80000000000000004029578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d75f2095fc4de4d2021-12-22 12:47:07.917root 11241100x80000000000000004029579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5864ca4028f0e72021-12-22 12:47:07.917root 11241100x80000000000000004029580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcc5f08b9d997d2021-12-22 12:47:07.917root 11241100x80000000000000004029581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1695975b873b25a52021-12-22 12:47:07.917root 11241100x80000000000000004029582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78358c35ad69cceb2021-12-22 12:47:07.917root 11241100x80000000000000004029583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416b48ea81763e3e2021-12-22 12:47:07.917root 11241100x80000000000000004029584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f1b2843537afef2021-12-22 12:47:07.918root 11241100x80000000000000004029585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0320a90cf8ab68632021-12-22 12:47:07.918root 11241100x80000000000000004029586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac5e2e63881b8702021-12-22 12:47:07.918root 11241100x80000000000000004029587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e7e96caad12132021-12-22 12:47:07.918root 11241100x80000000000000004029588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da1259845ac33e42021-12-22 12:47:07.918root 11241100x80000000000000004029589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4bbce363786b7f2021-12-22 12:47:07.918root 11241100x80000000000000004029590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8072f4eebc80742021-12-22 12:47:07.918root 11241100x80000000000000004029591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeddf8ffcdba59322021-12-22 12:47:07.918root 11241100x80000000000000004029592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb147f2ce31cda2c2021-12-22 12:47:07.918root 534500x80000000000000004029593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.917{ec2b6afe-1e4b-61c3-e8e6-93b77e550000}22738/bin/lsubuntu 11241100x80000000000000004029594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b980f18d03ceb932021-12-22 12:47:07.918root 11241100x80000000000000004029595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274d2591bacf9e712021-12-22 12:47:07.918root 11241100x80000000000000004029596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002083b30100e8e2021-12-22 12:47:07.919root 11241100x80000000000000004029597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9dce66fd66c2052021-12-22 12:47:07.919root 11241100x80000000000000004029598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a71124bc455c422021-12-22 12:47:07.919root 11241100x80000000000000004029599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc73f31c6cb51802021-12-22 12:47:07.919root 11241100x80000000000000004029600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1218615193fae162021-12-22 12:47:07.919root 11241100x80000000000000004029601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fef92218962c3782021-12-22 12:47:07.919root 11241100x80000000000000004029602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c211601e97f5d87f2021-12-22 12:47:07.919root 11241100x80000000000000004029603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e659e94c797a102021-12-22 12:47:07.919root 11241100x80000000000000004029604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:07.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f54617f0a130bab2021-12-22 12:47:07.919root 11241100x80000000000000004029605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e769b0b065f8192021-12-22 12:47:08.193root 11241100x80000000000000004029606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023659c3a7a642a12021-12-22 12:47:08.193root 11241100x80000000000000004029607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e630314fb4d822252021-12-22 12:47:08.193root 11241100x80000000000000004029608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa3eb35c218e062021-12-22 12:47:08.193root 11241100x80000000000000004029609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1581389250c6c182021-12-22 12:47:08.193root 11241100x80000000000000004029610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43720e9786847112021-12-22 12:47:08.193root 11241100x80000000000000004029611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75c18e09d3bb082021-12-22 12:47:08.193root 11241100x80000000000000004029612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba3b94dc1a8b8c02021-12-22 12:47:08.193root 11241100x80000000000000004029613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be46bc215d7660c2021-12-22 12:47:08.193root 11241100x80000000000000004029614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9335b25ea4e8b13b2021-12-22 12:47:08.194root 11241100x80000000000000004029615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0885d0873c26372021-12-22 12:47:08.194root 11241100x80000000000000004029616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a748e73c537992422021-12-22 12:47:08.194root 11241100x80000000000000004029617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15318be0ee89a352021-12-22 12:47:08.194root 11241100x80000000000000004029618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6d1611ba29942e2021-12-22 12:47:08.194root 11241100x80000000000000004029619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b895e58ef620d52021-12-22 12:47:08.194root 11241100x80000000000000004029620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff3695e8a9a7442021-12-22 12:47:08.194root 11241100x80000000000000004029621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7a69a70b57f492021-12-22 12:47:08.194root 11241100x80000000000000004029622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d5c9071ec52cdc2021-12-22 12:47:08.195root 11241100x80000000000000004029623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6067be3936a811c82021-12-22 12:47:08.195root 11241100x80000000000000004029624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a8191bdb94f082021-12-22 12:47:08.195root 11241100x80000000000000004029625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893fe1f8e09c761d2021-12-22 12:47:08.196root 11241100x80000000000000004029626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73db1ac1e49672062021-12-22 12:47:08.196root 11241100x80000000000000004029627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dddcf3abe37b7e2021-12-22 12:47:08.196root 11241100x80000000000000004029628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b41ec6188503e42021-12-22 12:47:08.196root 11241100x80000000000000004029629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb5fc0d8236240f2021-12-22 12:47:08.196root 11241100x80000000000000004029630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db1f30696ca7dd32021-12-22 12:47:08.197root 11241100x80000000000000004029631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5bc02829ec0ea2021-12-22 12:47:08.197root 11241100x80000000000000004029632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059c53078e67c0622021-12-22 12:47:08.197root 11241100x80000000000000004029633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d167cfebe301342021-12-22 12:47:08.693root 11241100x80000000000000004029634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17384bd2e04046632021-12-22 12:47:08.693root 11241100x80000000000000004029635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd4b13c77a2f8b2021-12-22 12:47:08.693root 11241100x80000000000000004029636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569417a4b9d585bb2021-12-22 12:47:08.694root 11241100x80000000000000004029637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96dda565bdc41db2021-12-22 12:47:08.694root 11241100x80000000000000004029638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3dfec0eef6e9bc2021-12-22 12:47:08.694root 11241100x80000000000000004029639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9789b440bb9b61cd2021-12-22 12:47:08.694root 11241100x80000000000000004029640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a541e13bfae041fa2021-12-22 12:47:08.695root 11241100x80000000000000004029641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4012f26980b6a62021-12-22 12:47:08.695root 11241100x80000000000000004029642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e44822e25952d5e2021-12-22 12:47:08.695root 11241100x80000000000000004029643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db316ed0a9fd66b12021-12-22 12:47:08.695root 11241100x80000000000000004029644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dd72e78b64a5622021-12-22 12:47:08.696root 11241100x80000000000000004029645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b7df10479038d2021-12-22 12:47:08.696root 11241100x80000000000000004029646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4420f4bfcf52bb742021-12-22 12:47:08.696root 11241100x80000000000000004029647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb788cefa55c69bf2021-12-22 12:47:08.696root 11241100x80000000000000004029648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb5dfd49ef4bc12021-12-22 12:47:08.697root 11241100x80000000000000004029649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac523c39f915caf2021-12-22 12:47:08.697root 11241100x80000000000000004029650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3a52d5f7f460ea2021-12-22 12:47:08.697root 11241100x80000000000000004029651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad5ef6c6bb999d2021-12-22 12:47:08.697root 11241100x80000000000000004029652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d363b3424e3928352021-12-22 12:47:08.698root 11241100x80000000000000004029653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786aab0c55fa7db92021-12-22 12:47:08.698root 11241100x80000000000000004029654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b6886ae98721d02021-12-22 12:47:08.698root 11241100x80000000000000004029655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c385c6117fd112a42021-12-22 12:47:08.698root 11241100x80000000000000004029656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db092d5ee55aa0c22021-12-22 12:47:08.699root 11241100x80000000000000004029657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624f49cdbdb8901e2021-12-22 12:47:08.699root 11241100x80000000000000004029658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2b09349f0348542021-12-22 12:47:08.699root 11241100x80000000000000004029659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513ec6bc8db016732021-12-22 12:47:08.699root 11241100x80000000000000004029660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0424e0b28a2060402021-12-22 12:47:08.700root 11241100x80000000000000004029661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a6fad50ec637132021-12-22 12:47:08.700root 11241100x80000000000000004029662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94592d9a24a51db62021-12-22 12:47:08.700root 11241100x80000000000000004029663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:08.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1401fabf1f6ae2021-12-22 12:47:08.700root 11241100x80000000000000004029664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9572d95ae038f9082021-12-22 12:47:09.193root 11241100x80000000000000004029665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f90160496971ce2021-12-22 12:47:09.194root 11241100x80000000000000004029666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c916bfb2109c302021-12-22 12:47:09.194root 11241100x80000000000000004029667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3878b81ef516785e2021-12-22 12:47:09.194root 11241100x80000000000000004029668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01afbfb0c558612021-12-22 12:47:09.194root 11241100x80000000000000004029669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f21815f50431af2021-12-22 12:47:09.195root 11241100x80000000000000004029670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88e1c09174304612021-12-22 12:47:09.195root 11241100x80000000000000004029671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed70cf85da623f2021-12-22 12:47:09.195root 11241100x80000000000000004029672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae71718b8c17d60c2021-12-22 12:47:09.195root 11241100x80000000000000004029673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d208b0ad004132021-12-22 12:47:09.196root 11241100x80000000000000004029674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a951d84ec8013a842021-12-22 12:47:09.196root 11241100x80000000000000004029675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b232ec529350ab822021-12-22 12:47:09.196root 11241100x80000000000000004029676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a997a4cfae5af132021-12-22 12:47:09.196root 11241100x80000000000000004029677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a4947b1ce0cca32021-12-22 12:47:09.196root 11241100x80000000000000004029678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4bcfaa76783a02021-12-22 12:47:09.196root 11241100x80000000000000004029679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf8b166a4bafa492021-12-22 12:47:09.196root 11241100x80000000000000004029680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deae73a2a25cd6d22021-12-22 12:47:09.196root 11241100x80000000000000004029681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6c34b7945a5c932021-12-22 12:47:09.196root 11241100x80000000000000004029682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9a85dcab80c3e02021-12-22 12:47:09.196root 11241100x80000000000000004029683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7be4274cdae4cf42021-12-22 12:47:09.197root 11241100x80000000000000004029684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02753980e69d3d592021-12-22 12:47:09.197root 11241100x80000000000000004029685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136c49d8fa57dae2021-12-22 12:47:09.197root 11241100x80000000000000004029686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb23e3cf57bc4a12021-12-22 12:47:09.197root 11241100x80000000000000004029687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f061f88dc44c1f2021-12-22 12:47:09.197root 11241100x80000000000000004029688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac127f50deb47c12021-12-22 12:47:09.197root 11241100x80000000000000004029689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bbce62d8f8cc442021-12-22 12:47:09.197root 11241100x80000000000000004029690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f6124ab77ce34e2021-12-22 12:47:09.197root 11241100x80000000000000004029691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf3483e5f9ec1a2021-12-22 12:47:09.197root 11241100x80000000000000004029692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef1eeadbc6875c22021-12-22 12:47:09.693root 11241100x80000000000000004029693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e400e32d731ab7982021-12-22 12:47:09.693root 11241100x80000000000000004029694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1250ca95d13372021-12-22 12:47:09.693root 11241100x80000000000000004029695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48dd0cbce0c70b2021-12-22 12:47:09.693root 11241100x80000000000000004029696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740eafc9b9f7270d2021-12-22 12:47:09.693root 11241100x80000000000000004029697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f761def9a416fb12021-12-22 12:47:09.693root 11241100x80000000000000004029698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28dc3f97ae070bf2021-12-22 12:47:09.694root 11241100x80000000000000004029699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c56f571cf4c30f92021-12-22 12:47:09.694root 11241100x80000000000000004029700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd73b717378edbb92021-12-22 12:47:09.694root 11241100x80000000000000004029701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d5c9744b9ace262021-12-22 12:47:09.695root 11241100x80000000000000004029702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb03eb78c1672fc2021-12-22 12:47:09.695root 11241100x80000000000000004029703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad348e341a85864a2021-12-22 12:47:09.695root 11241100x80000000000000004029704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46495f00eac954eb2021-12-22 12:47:09.696root 11241100x80000000000000004029705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ad615ab34917b2021-12-22 12:47:09.696root 11241100x80000000000000004029706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f8906cb6436e932021-12-22 12:47:09.696root 11241100x80000000000000004029707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044bf688a005da1b2021-12-22 12:47:09.696root 11241100x80000000000000004029708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbb41ba03edd46a2021-12-22 12:47:09.697root 11241100x80000000000000004029709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0fd29165533d722021-12-22 12:47:09.697root 11241100x80000000000000004029710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b7b3f3049089f82021-12-22 12:47:09.697root 11241100x80000000000000004029711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236f1621ac1987812021-12-22 12:47:09.697root 11241100x80000000000000004029712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e00c79e26e3a552021-12-22 12:47:09.697root 11241100x80000000000000004029713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece2f90078bfa0dc2021-12-22 12:47:09.697root 11241100x80000000000000004029714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25ea27b7b1255c2021-12-22 12:47:09.697root 11241100x80000000000000004029715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d54248a507edfd2021-12-22 12:47:09.697root 11241100x80000000000000004029716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439abf7031e078042021-12-22 12:47:09.697root 11241100x80000000000000004029717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7cecee7a9115c2021-12-22 12:47:09.698root 11241100x80000000000000004029718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877150de094f8f512021-12-22 12:47:09.698root 11241100x80000000000000004029719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d39f1feeb61132021-12-22 12:47:09.698root 11241100x80000000000000004029720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f301af7cc976ed2021-12-22 12:47:10.193root 11241100x80000000000000004029721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee88095de22c892021-12-22 12:47:10.194root 11241100x80000000000000004029722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47c0c9a4d3960702021-12-22 12:47:10.194root 11241100x80000000000000004029723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51d6303369dc4e72021-12-22 12:47:10.194root 11241100x80000000000000004029724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1df7f33012a7962021-12-22 12:47:10.195root 11241100x80000000000000004029725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b54548123c0fc12021-12-22 12:47:10.195root 11241100x80000000000000004029726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01961b9901dfd4b32021-12-22 12:47:10.195root 11241100x80000000000000004029727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29978a45670628312021-12-22 12:47:10.195root 11241100x80000000000000004029728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4490c22f468055642021-12-22 12:47:10.196root 11241100x80000000000000004029729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6bb23876676c2d2021-12-22 12:47:10.196root 11241100x80000000000000004029730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984e45797580a3972021-12-22 12:47:10.196root 11241100x80000000000000004029731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2576744f90eace2d2021-12-22 12:47:10.196root 11241100x80000000000000004029732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2495641397a12b582021-12-22 12:47:10.197root 11241100x80000000000000004029733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95211c935962c192021-12-22 12:47:10.197root 11241100x80000000000000004029734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6603f5e1f02244bc2021-12-22 12:47:10.197root 11241100x80000000000000004029735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f560b90181e334b32021-12-22 12:47:10.197root 11241100x80000000000000004029736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4a32580a133cc2021-12-22 12:47:10.197root 11241100x80000000000000004029737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5738859ce54cde432021-12-22 12:47:10.197root 11241100x80000000000000004029738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f8bdc1034966442021-12-22 12:47:10.197root 11241100x80000000000000004029739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97361424e744c3a72021-12-22 12:47:10.197root 11241100x80000000000000004029740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a493e58b0f7e1c2021-12-22 12:47:10.197root 11241100x80000000000000004029741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b9f96b0aed7e9b2021-12-22 12:47:10.198root 11241100x80000000000000004029742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621d69731b44cd802021-12-22 12:47:10.198root 11241100x80000000000000004029743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0b18c70f407412021-12-22 12:47:10.198root 11241100x80000000000000004029744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d728efbeac85a2021-12-22 12:47:10.198root 11241100x80000000000000004029745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a5806b858799e32021-12-22 12:47:10.198root 11241100x80000000000000004029746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dad1ce088f546182021-12-22 12:47:10.198root 11241100x80000000000000004029747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8771908cccfdd68b2021-12-22 12:47:10.198root 534500x80000000000000004029748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.652{00000000-0000-0000-0000-000000000000}22739<unknown process>ubuntu 11241100x80000000000000004029749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.653{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.4bLYGf2021-12-22 12:47:10.653ubuntu 23542300x80000000000000004029750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.653{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.4bLYGf--- 11241100x80000000000000004029751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.653{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c5d3197d397d162021-12-22 12:47:10.653root 11241100x80000000000000004029752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.653{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d01673d4624538b2021-12-22 12:47:10.653root 11241100x80000000000000004029753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5478bfc44705a52021-12-22 12:47:10.654root 11241100x80000000000000004029754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4f217103e25b972021-12-22 12:47:10.654root 11241100x80000000000000004029755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558463f1749f85cb2021-12-22 12:47:10.654root 11241100x80000000000000004029756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d6faa91fa57c122021-12-22 12:47:10.654root 11241100x80000000000000004029757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.655{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f9c806f0a16ce2021-12-22 12:47:10.655root 11241100x80000000000000004029758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.655{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9a3ae7ec984e342021-12-22 12:47:10.655root 11241100x80000000000000004029759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.655{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433c641e50a061652021-12-22 12:47:10.655root 11241100x80000000000000004029760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.655{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e35e669abe01742021-12-22 12:47:10.655root 11241100x80000000000000004029761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.656{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d7ed01865af6522021-12-22 12:47:10.656root 11241100x80000000000000004029762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.656{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b240870d5bd3a82021-12-22 12:47:10.656root 11241100x80000000000000004029763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.656{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacce04a7e054dab2021-12-22 12:47:10.656root 11241100x80000000000000004029764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.656{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6173a8af7a22fc132021-12-22 12:47:10.656root 11241100x80000000000000004029765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.657{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b529017466265fdc2021-12-22 12:47:10.657root 11241100x80000000000000004029766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.657{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e6b4a09b5bdedc2021-12-22 12:47:10.657root 11241100x80000000000000004029767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.657{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f28e5ed651cf3a2021-12-22 12:47:10.657root 11241100x80000000000000004029768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.657{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23441f103dd82f262021-12-22 12:47:10.657root 11241100x80000000000000004029769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.657{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6447fa1208aba872021-12-22 12:47:10.657root 11241100x80000000000000004029770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252cbec4bab2b5222021-12-22 12:47:10.658root 11241100x80000000000000004029771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a0d9ee4be270d2021-12-22 12:47:10.658root 11241100x80000000000000004029772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96827d57d7f5bd742021-12-22 12:47:10.658root 11241100x80000000000000004029773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88257f214743666b2021-12-22 12:47:10.658root 11241100x80000000000000004029774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef266aa6969b89f32021-12-22 12:47:10.658root 11241100x80000000000000004029775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.658{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c53d11f39e680e32021-12-22 12:47:10.658root 11241100x80000000000000004029776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c46a9837e1e5ee2021-12-22 12:47:10.659root 11241100x80000000000000004029777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232e6220bdc80ce32021-12-22 12:47:10.659root 11241100x80000000000000004029778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67001366cd2a5a772021-12-22 12:47:10.659root 11241100x80000000000000004029779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e793d6d37c59a62021-12-22 12:47:10.659root 11241100x80000000000000004029780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaba4498b1b28962021-12-22 12:47:10.659root 11241100x80000000000000004029781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f04a7025b9ad3272021-12-22 12:47:10.659root 11241100x80000000000000004029782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.659{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d801f5147175a2021-12-22 12:47:10.659root 11241100x80000000000000004029783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.660{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c43c06c1ce150fe2021-12-22 12:47:10.660root 11241100x80000000000000004029784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.660{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e324c708c45512a2021-12-22 12:47:10.660root 11241100x80000000000000004029785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.660{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cb5896905d4bcd2021-12-22 12:47:10.660root 11241100x80000000000000004029786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a734b1e5a7238b302021-12-22 12:47:10.943root 11241100x80000000000000004029787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66b6d8ffd854d4e2021-12-22 12:47:10.943root 11241100x80000000000000004029788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d353078124314a2021-12-22 12:47:10.943root 11241100x80000000000000004029789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537ba588f3d129242021-12-22 12:47:10.943root 11241100x80000000000000004029790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12d32b30e95a8c72021-12-22 12:47:10.943root 11241100x80000000000000004029791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37d834cf2dd500a2021-12-22 12:47:10.943root 11241100x80000000000000004029792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ca3ecd0f964d42021-12-22 12:47:10.943root 11241100x80000000000000004029793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e497c48019f89c802021-12-22 12:47:10.944root 11241100x80000000000000004029794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1824c9f53b09a72021-12-22 12:47:10.944root 11241100x80000000000000004029795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f16564c4f377a22021-12-22 12:47:10.944root 11241100x80000000000000004029796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edec459361485772021-12-22 12:47:10.944root 11241100x80000000000000004029797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f887f317b520012021-12-22 12:47:10.944root 11241100x80000000000000004029798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3298b78e6e03ec542021-12-22 12:47:10.944root 11241100x80000000000000004029799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb204304cb859e562021-12-22 12:47:10.944root 11241100x80000000000000004029800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b990c5fef526d722021-12-22 12:47:10.944root 11241100x80000000000000004029801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4585d7077e9c94e2021-12-22 12:47:10.944root 11241100x80000000000000004029802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4439be1f944bce8b2021-12-22 12:47:10.945root 11241100x80000000000000004029803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d90de0097bbde902021-12-22 12:47:10.945root 11241100x80000000000000004029804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63f3c5071b38cad2021-12-22 12:47:10.945root 11241100x80000000000000004029805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdca8a9c933bccd2021-12-22 12:47:10.945root 11241100x80000000000000004029806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9118c4fcf47b73dd2021-12-22 12:47:10.945root 11241100x80000000000000004029807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d274a96e42d89b2021-12-22 12:47:10.945root 11241100x80000000000000004029808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4749164551c65b62021-12-22 12:47:10.945root 11241100x80000000000000004029809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ef3808f7494bc92021-12-22 12:47:10.945root 11241100x80000000000000004029810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97550f65d7663052021-12-22 12:47:10.946root 11241100x80000000000000004029811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0503537c588193a2021-12-22 12:47:10.946root 11241100x80000000000000004029812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4f3a84b8a5f302021-12-22 12:47:10.946root 11241100x80000000000000004029813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc202b5a822f01c2021-12-22 12:47:10.946root 11241100x80000000000000004029814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5453ae407486447d2021-12-22 12:47:10.946root 11241100x80000000000000004029815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e94e53dcb47d31a2021-12-22 12:47:10.946root 11241100x80000000000000004029816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8a1547b431d9c2021-12-22 12:47:10.946root 11241100x80000000000000004029817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d652a96b1c42dc92021-12-22 12:47:10.946root 11241100x80000000000000004029818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f165d7a13b2f6c1d2021-12-22 12:47:10.946root 11241100x80000000000000004029819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77a503a350ad4482021-12-22 12:47:10.946root 11241100x80000000000000004029820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a34bd5da5624342021-12-22 12:47:10.947root 11241100x80000000000000004029821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84a3aca7d5cc5112021-12-22 12:47:10.947root 11241100x80000000000000004029822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36293b9f9864133b2021-12-22 12:47:10.947root 11241100x80000000000000004029823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95d712e90cb2c9d2021-12-22 12:47:10.947root 11241100x80000000000000004029824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b3599b79e233f2021-12-22 12:47:10.947root 11241100x80000000000000004029825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b16485293c3a2b2021-12-22 12:47:10.947root 11241100x80000000000000004029826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f609a0b05fd9e8f2021-12-22 12:47:10.947root 11241100x80000000000000004029827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d722f1febc87692021-12-22 12:47:10.947root 11241100x80000000000000004029828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23609b711ade06192021-12-22 12:47:10.948root 11241100x80000000000000004029829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99ec147b7ad32282021-12-22 12:47:10.948root 11241100x80000000000000004029830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc551dc64b8fa8b2021-12-22 12:47:10.948root 11241100x80000000000000004029831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e1667403bb4fa82021-12-22 12:47:10.948root 11241100x80000000000000004029832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac24a6e425b7dd202021-12-22 12:47:10.948root 11241100x80000000000000004029833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cec6662afc113a2021-12-22 12:47:11.443root 11241100x80000000000000004029834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897772d4460e6a32021-12-22 12:47:11.443root 11241100x80000000000000004029835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd60c62355b501152021-12-22 12:47:11.443root 11241100x80000000000000004029836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5474bbdc310c82021-12-22 12:47:11.443root 11241100x80000000000000004029837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3205fa4db723e2021-12-22 12:47:11.444root 11241100x80000000000000004029838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be18ae15bb7254b62021-12-22 12:47:11.444root 11241100x80000000000000004029839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d41e4a10b3d84fc2021-12-22 12:47:11.444root 11241100x80000000000000004029840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40936635eafdfe4c2021-12-22 12:47:11.444root 11241100x80000000000000004029841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd02aa510525fe2021-12-22 12:47:11.445root 11241100x80000000000000004029842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537634683321b2be2021-12-22 12:47:11.445root 11241100x80000000000000004029843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb447f2288af5ab2021-12-22 12:47:11.445root 11241100x80000000000000004029844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39912c67fd62948f2021-12-22 12:47:11.445root 11241100x80000000000000004029845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd00169b7d06ad8b2021-12-22 12:47:11.446root 11241100x80000000000000004029846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6656c4745173e4f2021-12-22 12:47:11.446root 11241100x80000000000000004029847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d7d4f474875b262021-12-22 12:47:11.446root 11241100x80000000000000004029848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a569a2dc073fc7c2021-12-22 12:47:11.447root 11241100x80000000000000004029849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc768d2c006ada2021-12-22 12:47:11.447root 11241100x80000000000000004029850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17c4bf7ecdef202021-12-22 12:47:11.447root 11241100x80000000000000004029851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9542158c85c529e32021-12-22 12:47:11.447root 11241100x80000000000000004029852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05941dbf603a74fe2021-12-22 12:47:11.447root 11241100x80000000000000004029853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a383b62db0373d792021-12-22 12:47:11.448root 11241100x80000000000000004029854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38a1503d36ae5a2021-12-22 12:47:11.448root 11241100x80000000000000004029855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be32a52ab56791e42021-12-22 12:47:11.448root 11241100x80000000000000004029856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71091cf7d7120e1e2021-12-22 12:47:11.448root 11241100x80000000000000004029857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e324338821d1a082021-12-22 12:47:11.448root 11241100x80000000000000004029858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbe704fbbd043432021-12-22 12:47:11.448root 11241100x80000000000000004029859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f93a2313d6a17e2021-12-22 12:47:11.448root 11241100x80000000000000004029860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64314ad346e19382021-12-22 12:47:11.449root 11241100x80000000000000004029861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e3bc2a5751370d2021-12-22 12:47:11.449root 11241100x80000000000000004029862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baccdbf3f59d71d62021-12-22 12:47:11.449root 11241100x80000000000000004029863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a16325d53e5bb42021-12-22 12:47:11.449root 11241100x80000000000000004029864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b339dea6946492021-12-22 12:47:11.449root 11241100x80000000000000004029865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c098d2764d355db2021-12-22 12:47:11.449root 11241100x80000000000000004029866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f8e52641a971bb2021-12-22 12:47:11.449root 11241100x80000000000000004029867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fbca9f59f0d3c92021-12-22 12:47:11.449root 11241100x80000000000000004029868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67cf13cfbffebc2021-12-22 12:47:11.943root 11241100x80000000000000004029869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd503fe0bde7bb642021-12-22 12:47:11.943root 11241100x80000000000000004029870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a128c0243bd7452021-12-22 12:47:11.943root 11241100x80000000000000004029871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bc07dfa8d1ba662021-12-22 12:47:11.943root 11241100x80000000000000004029872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec87bbd6a113fb92021-12-22 12:47:11.944root 11241100x80000000000000004029873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37874e76dd816a692021-12-22 12:47:11.944root 11241100x80000000000000004029874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cc039211045cab2021-12-22 12:47:11.944root 11241100x80000000000000004029875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97af8e0a7c47ce342021-12-22 12:47:11.944root 11241100x80000000000000004029876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee7a69a4417c11d2021-12-22 12:47:11.944root 11241100x80000000000000004029877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893b5932920850c52021-12-22 12:47:11.944root 11241100x80000000000000004029878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71751542f200e6752021-12-22 12:47:11.944root 11241100x80000000000000004029879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3afd57cf2b8372021-12-22 12:47:11.944root 11241100x80000000000000004029880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf889f4724be1672021-12-22 12:47:11.944root 11241100x80000000000000004029881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0dc1c6c6eecc482021-12-22 12:47:11.945root 11241100x80000000000000004029882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552bd2760edfb3d32021-12-22 12:47:11.945root 11241100x80000000000000004029883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1d835ab59c03eb2021-12-22 12:47:11.945root 11241100x80000000000000004029884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e415399c46292a82021-12-22 12:47:11.945root 11241100x80000000000000004029885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8c37fc83beecac2021-12-22 12:47:11.945root 11241100x80000000000000004029886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d00b618697b1f22021-12-22 12:47:11.945root 11241100x80000000000000004029887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84ddf62a4ad655f2021-12-22 12:47:11.945root 11241100x80000000000000004029888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921f4747e976431b2021-12-22 12:47:11.945root 11241100x80000000000000004029889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f359fb4c1af607b62021-12-22 12:47:11.945root 11241100x80000000000000004029890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e6900c0e475ac62021-12-22 12:47:11.945root 11241100x80000000000000004029891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e4d1af2dbcf0b02021-12-22 12:47:11.946root 11241100x80000000000000004029892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67f621a0fcfa272021-12-22 12:47:11.946root 11241100x80000000000000004029893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e1ef912f143902021-12-22 12:47:11.946root 11241100x80000000000000004029894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ad626590022c722021-12-22 12:47:11.946root 11241100x80000000000000004029895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dcd719238d6db02021-12-22 12:47:11.946root 11241100x80000000000000004029896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe7d4f1f68e72152021-12-22 12:47:11.946root 11241100x80000000000000004029897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55d04a8f98177782021-12-22 12:47:11.946root 11241100x80000000000000004029898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf547c6b6bff6cc92021-12-22 12:47:11.947root 11241100x80000000000000004029899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13527439b4aa7f392021-12-22 12:47:11.947root 11241100x80000000000000004029900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6946d1c1e2fb9a2021-12-22 12:47:12.443root 11241100x80000000000000004029901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4583a32b69c14c22021-12-22 12:47:12.443root 11241100x80000000000000004029902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b78cef81a662672021-12-22 12:47:12.443root 11241100x80000000000000004029903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2305984cd566f0a2021-12-22 12:47:12.444root 11241100x80000000000000004029904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17160526d34fbd82021-12-22 12:47:12.444root 11241100x80000000000000004029905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701aece401b4ec5b2021-12-22 12:47:12.444root 11241100x80000000000000004029906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcaca88acb46a522021-12-22 12:47:12.444root 11241100x80000000000000004029907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0ace1e07ffd12d2021-12-22 12:47:12.444root 11241100x80000000000000004029908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d2578ff69994e52021-12-22 12:47:12.444root 11241100x80000000000000004029909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac3ff451e07d0bf2021-12-22 12:47:12.444root 11241100x80000000000000004029910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1430bde4c53e00202021-12-22 12:47:12.444root 11241100x80000000000000004029911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac3d6b325ae8b82021-12-22 12:47:12.444root 11241100x80000000000000004029912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40df1900b4992192021-12-22 12:47:12.444root 11241100x80000000000000004029913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9c97cba4e923f42021-12-22 12:47:12.444root 11241100x80000000000000004029914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8ac90c362b1f62021-12-22 12:47:12.444root 11241100x80000000000000004029915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812cce777a94e5f52021-12-22 12:47:12.444root 11241100x80000000000000004029916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96c11a6b305b982021-12-22 12:47:12.444root 11241100x80000000000000004029917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce1d12d3d97a4f2021-12-22 12:47:12.445root 11241100x80000000000000004029918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48885579e332a08e2021-12-22 12:47:12.445root 11241100x80000000000000004029919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b704db586336822021-12-22 12:47:12.445root 11241100x80000000000000004029920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9d34ed7038b6b82021-12-22 12:47:12.445root 11241100x80000000000000004029921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f33e020d69589402021-12-22 12:47:12.445root 11241100x80000000000000004029922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0f10dcb2f4a0f2021-12-22 12:47:12.445root 11241100x80000000000000004029923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4398a87b6cdd3c142021-12-22 12:47:12.445root 11241100x80000000000000004029924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8e8e842aa41f82021-12-22 12:47:12.445root 11241100x80000000000000004029925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f4457bb46dc4f2021-12-22 12:47:12.445root 11241100x80000000000000004029926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bef19b536e30212021-12-22 12:47:12.445root 11241100x80000000000000004029927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce84383c6bd13952021-12-22 12:47:12.445root 11241100x80000000000000004029928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086cf8416960a7c2021-12-22 12:47:12.445root 11241100x80000000000000004029929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6998de69b88c9c832021-12-22 12:47:12.445root 11241100x80000000000000004029930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34af3ab8c7e892552021-12-22 12:47:12.445root 11241100x80000000000000004029931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09fa6afe4e31d122021-12-22 12:47:12.943root 11241100x80000000000000004029932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aae7bd87dcfc45b2021-12-22 12:47:12.943root 11241100x80000000000000004029933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0341efaba4b4aac82021-12-22 12:47:12.943root 11241100x80000000000000004029934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14c213ca393bff32021-12-22 12:47:12.944root 11241100x80000000000000004029935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30d0d5dd4011762021-12-22 12:47:12.944root 11241100x80000000000000004029936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ae1b0ec334f4e2021-12-22 12:47:12.944root 11241100x80000000000000004029937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2bf626d6ba0e5a2021-12-22 12:47:12.944root 11241100x80000000000000004029938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04304709209d8f92021-12-22 12:47:12.944root 11241100x80000000000000004029939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51fa239d4d506ee2021-12-22 12:47:12.944root 11241100x80000000000000004029940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be4d0cb0e9ce462021-12-22 12:47:12.944root 11241100x80000000000000004029941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe833a51169d16d42021-12-22 12:47:12.944root 11241100x80000000000000004029942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b876f54d9580202021-12-22 12:47:12.944root 11241100x80000000000000004029943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c6f6a6d62da1d52021-12-22 12:47:12.944root 11241100x80000000000000004029944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993659dca594f01d2021-12-22 12:47:12.945root 11241100x80000000000000004029945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b6fd4a7410194b2021-12-22 12:47:12.945root 11241100x80000000000000004029946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5661f19422569f2021-12-22 12:47:12.945root 11241100x80000000000000004029947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866d3a5219506b272021-12-22 12:47:12.945root 11241100x80000000000000004029948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633326fef8532b522021-12-22 12:47:12.945root 11241100x80000000000000004029949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8a0996f2aac3df2021-12-22 12:47:12.945root 11241100x80000000000000004029950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea24037c252644e2021-12-22 12:47:12.946root 11241100x80000000000000004029951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883c4af4f277e632021-12-22 12:47:12.946root 11241100x80000000000000004029952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1955fdb83b9172021-12-22 12:47:12.946root 11241100x80000000000000004029953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d94446d75138fff2021-12-22 12:47:12.946root 11241100x80000000000000004029954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe0d1fdcffc44f2021-12-22 12:47:12.946root 11241100x80000000000000004029955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb870b4ac366591d2021-12-22 12:47:12.946root 11241100x80000000000000004029956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7744dcadb787ae872021-12-22 12:47:12.947root 11241100x80000000000000004029957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c920882500e2f472021-12-22 12:47:12.947root 11241100x80000000000000004029958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4552dc3124c23b382021-12-22 12:47:12.947root 11241100x80000000000000004029959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8072387b359ff762021-12-22 12:47:12.948root 11241100x80000000000000004029960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c211af2932104d0c2021-12-22 12:47:12.948root 11241100x80000000000000004029961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f09e0a481260642021-12-22 12:47:12.948root 354300x80000000000000004029962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.044{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56904-false10.0.1.12-8000- 11241100x80000000000000004029963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f96eb4857ea8492021-12-22 12:47:13.443root 11241100x80000000000000004029964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858dc44ab97324592021-12-22 12:47:13.443root 11241100x80000000000000004029965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc666b26a8009f2021-12-22 12:47:13.443root 11241100x80000000000000004029966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdfc41b1c6c03252021-12-22 12:47:13.443root 11241100x80000000000000004029967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948dc7993043688b2021-12-22 12:47:13.443root 11241100x80000000000000004029968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c012d6fe72593c02021-12-22 12:47:13.443root 11241100x80000000000000004029969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ad13d51a40d832021-12-22 12:47:13.443root 11241100x80000000000000004029970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12a56418fe8bb902021-12-22 12:47:13.443root 11241100x80000000000000004029971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e430c36223317c2021-12-22 12:47:13.443root 11241100x80000000000000004029972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459f3c715ee458d2021-12-22 12:47:13.443root 11241100x80000000000000004029973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e4ac442a585f502021-12-22 12:47:13.443root 11241100x80000000000000004029974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c17c36431c2b9862021-12-22 12:47:13.443root 11241100x80000000000000004029975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759a21642bd9d1662021-12-22 12:47:13.443root 11241100x80000000000000004029976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f67c5842f408762021-12-22 12:47:13.444root 11241100x80000000000000004029977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87db313a7884d8d2021-12-22 12:47:13.444root 11241100x80000000000000004029978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ab0d915aebd352021-12-22 12:47:13.444root 11241100x80000000000000004029979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82209a115cd2b0ca2021-12-22 12:47:13.444root 11241100x80000000000000004029980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e08fff8a9322c02021-12-22 12:47:13.444root 11241100x80000000000000004029981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe4b273592a23c2021-12-22 12:47:13.444root 11241100x80000000000000004029982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7e5f7b68ea48cf2021-12-22 12:47:13.444root 11241100x80000000000000004029983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0076130faa64df662021-12-22 12:47:13.444root 11241100x80000000000000004029984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bf1e9e66d29ad82021-12-22 12:47:13.444root 11241100x80000000000000004029985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf43c48ec991ad52021-12-22 12:47:13.444root 11241100x80000000000000004029986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23f62873092d8352021-12-22 12:47:13.444root 11241100x80000000000000004029987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d71ec2b3328932021-12-22 12:47:13.444root 11241100x80000000000000004029988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a55ddf40ba9f822021-12-22 12:47:13.444root 11241100x80000000000000004029989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98a30c2c1ae67ff2021-12-22 12:47:13.444root 11241100x80000000000000004029990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe262ea2006c20a2021-12-22 12:47:13.444root 11241100x80000000000000004029991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78432a3c82293c832021-12-22 12:47:13.444root 11241100x80000000000000004029992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c0929ed64591b2021-12-22 12:47:13.444root 11241100x80000000000000004029993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ea5f42b96a3de72021-12-22 12:47:13.445root 11241100x80000000000000004029994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac4a386f2a350c2021-12-22 12:47:13.445root 11241100x80000000000000004029995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633f4d5977eeb9672021-12-22 12:47:13.445root 11241100x80000000000000004029996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4982e913319539c2021-12-22 12:47:13.445root 11241100x80000000000000004029997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f11742f0f3d9f8e2021-12-22 12:47:13.445root 11241100x80000000000000004029998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e47c4f309a6837f2021-12-22 12:47:13.445root 11241100x80000000000000004029999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf92b02cd7e5d35d2021-12-22 12:47:13.943root 11241100x80000000000000004030000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b158e1ccc1b4c32021-12-22 12:47:13.943root 11241100x80000000000000004030001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bee24ea9fc7f2302021-12-22 12:47:13.943root 11241100x80000000000000004030002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e01b24e325ba1142021-12-22 12:47:13.944root 11241100x80000000000000004030003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacd48fb293603492021-12-22 12:47:13.944root 11241100x80000000000000004030004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9745fd0a4c3e3182021-12-22 12:47:13.945root 11241100x80000000000000004030005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8680a2b784554e32021-12-22 12:47:13.945root 11241100x80000000000000004030006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d9a35bb1cf27072021-12-22 12:47:13.945root 11241100x80000000000000004030007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3c6c4d2f13ed62021-12-22 12:47:13.946root 11241100x80000000000000004030008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d942cb2dd3bc702021-12-22 12:47:13.946root 11241100x80000000000000004030009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eef3272074d2ad2021-12-22 12:47:13.946root 11241100x80000000000000004030010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dc0f8b5b9ddaea2021-12-22 12:47:13.946root 11241100x80000000000000004030011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1950aec82bcb9c2021-12-22 12:47:13.947root 11241100x80000000000000004030012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7f874e874343ad2021-12-22 12:47:13.947root 11241100x80000000000000004030013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dd862929750a262021-12-22 12:47:13.948root 11241100x80000000000000004030014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83143682747b44d32021-12-22 12:47:13.948root 11241100x80000000000000004030015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a23677980626682021-12-22 12:47:13.948root 11241100x80000000000000004030016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5e55a87a1e89712021-12-22 12:47:13.949root 11241100x80000000000000004030017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de76b842859bc6e12021-12-22 12:47:13.950root 11241100x80000000000000004030018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d1e93a81ecfd5e2021-12-22 12:47:13.950root 11241100x80000000000000004030019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02a486dba0885f12021-12-22 12:47:13.950root 11241100x80000000000000004030020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a6e993858f4d302021-12-22 12:47:13.951root 11241100x80000000000000004030021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0819e9e93f9b97732021-12-22 12:47:13.951root 11241100x80000000000000004030022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8c1ba2c475cb12021-12-22 12:47:13.951root 11241100x80000000000000004030023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9e094abfd008672021-12-22 12:47:13.951root 11241100x80000000000000004030024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564cff63ce8650f52021-12-22 12:47:13.952root 11241100x80000000000000004030025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4be015fe84db1f2021-12-22 12:47:13.952root 11241100x80000000000000004030026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f706865b9cef192021-12-22 12:47:13.952root 11241100x80000000000000004030027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd78e311447c3002021-12-22 12:47:13.952root 11241100x80000000000000004030028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ba30f60529fd302021-12-22 12:47:13.953root 11241100x80000000000000004030029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07212a5d28476c2021-12-22 12:47:13.953root 11241100x80000000000000004030030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456e53a208f33882021-12-22 12:47:13.953root 11241100x80000000000000004030031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c93e2ae99217a2021-12-22 12:47:13.953root 11241100x80000000000000004030032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ea270bc9e382982021-12-22 12:47:13.954root 11241100x80000000000000004030033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbcd24d6e4717832021-12-22 12:47:13.954root 11241100x80000000000000004030034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef58c918e8527df2021-12-22 12:47:14.443root 11241100x80000000000000004030035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028c0e29985f55d2021-12-22 12:47:14.443root 11241100x80000000000000004030036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320068c41e7bf6662021-12-22 12:47:14.443root 11241100x80000000000000004030037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01a60abf0a4815b2021-12-22 12:47:14.444root 11241100x80000000000000004030038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2607cdcb4392fa2021-12-22 12:47:14.444root 11241100x80000000000000004030039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8293ff5d89d0de2021-12-22 12:47:14.444root 11241100x80000000000000004030040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8b99fd04e4db652021-12-22 12:47:14.444root 11241100x80000000000000004030041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cb2ffd266c84a82021-12-22 12:47:14.444root 11241100x80000000000000004030042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcca48a2b9abd7b2021-12-22 12:47:14.444root 11241100x80000000000000004030043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656520ac95a3ee5e2021-12-22 12:47:14.445root 11241100x80000000000000004030044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625c9bb8052d5f502021-12-22 12:47:14.445root 11241100x80000000000000004030045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078501fc83d0c2872021-12-22 12:47:14.445root 11241100x80000000000000004030046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eac83da7a7599602021-12-22 12:47:14.445root 11241100x80000000000000004030047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a2a3a56b9764862021-12-22 12:47:14.446root 11241100x80000000000000004030048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d3c1cee91a5c902021-12-22 12:47:14.446root 11241100x80000000000000004030049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb0d4cb7f24b8722021-12-22 12:47:14.446root 11241100x80000000000000004030050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8708c1a3430ae342021-12-22 12:47:14.446root 11241100x80000000000000004030051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ab1ee899a94b2f2021-12-22 12:47:14.446root 11241100x80000000000000004030052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b2dad3ada9ce22021-12-22 12:47:14.447root 11241100x80000000000000004030053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36495cae43806c2021-12-22 12:47:14.447root 11241100x80000000000000004030054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b115e515688011042021-12-22 12:47:14.447root 11241100x80000000000000004030055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff5957569e41ad22021-12-22 12:47:14.447root 11241100x80000000000000004030056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf548ec2c5c20ea62021-12-22 12:47:14.447root 11241100x80000000000000004030057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b854c3db6b23f762021-12-22 12:47:14.448root 11241100x80000000000000004030058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c6f6734753c2162021-12-22 12:47:14.448root 11241100x80000000000000004030059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd65fc744ae026292021-12-22 12:47:14.448root 11241100x80000000000000004030060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71902c97909da03d2021-12-22 12:47:14.448root 11241100x80000000000000004030061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952b0057a6f46d1c2021-12-22 12:47:14.448root 11241100x80000000000000004030062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078bd02ade2fef012021-12-22 12:47:14.448root 11241100x80000000000000004030063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac84ab606c8b3ab2021-12-22 12:47:14.448root 11241100x80000000000000004030064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee21ce30cef566c2021-12-22 12:47:14.448root 11241100x80000000000000004030065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bce6e9c508ea3f2021-12-22 12:47:14.448root 11241100x80000000000000004030066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26326928360340992021-12-22 12:47:14.943root 11241100x80000000000000004030067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838fbe214e084a1f2021-12-22 12:47:14.943root 11241100x80000000000000004030068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de78407aac3c15df2021-12-22 12:47:14.943root 11241100x80000000000000004030069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0169bc596e9ad32021-12-22 12:47:14.943root 11241100x80000000000000004030070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526f9ecb5cfbf812021-12-22 12:47:14.943root 11241100x80000000000000004030071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a66a60a7b23d862021-12-22 12:47:14.944root 11241100x80000000000000004030072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f33645827d8e5232021-12-22 12:47:14.944root 11241100x80000000000000004030073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f8a6edf2310d772021-12-22 12:47:14.944root 11241100x80000000000000004030074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e39c5eb8a8032692021-12-22 12:47:14.944root 11241100x80000000000000004030075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766488234204d532021-12-22 12:47:14.944root 11241100x80000000000000004030076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c17571e67278992021-12-22 12:47:14.944root 11241100x80000000000000004030077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d21e4906a94f82b2021-12-22 12:47:14.944root 11241100x80000000000000004030078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e5fb95ba4c86f32021-12-22 12:47:14.944root 11241100x80000000000000004030079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d5ba3114e41b42021-12-22 12:47:14.945root 11241100x80000000000000004030080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43d12eca94a9072021-12-22 12:47:14.945root 11241100x80000000000000004030081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2e327a0ab7e7682021-12-22 12:47:14.945root 11241100x80000000000000004030082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8086d59abb3d2e4c2021-12-22 12:47:14.945root 11241100x80000000000000004030083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539c6dd9415ab96f2021-12-22 12:47:14.945root 11241100x80000000000000004030084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e75d02e3ff51d302021-12-22 12:47:14.945root 11241100x80000000000000004030085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3b85b98a44b2442021-12-22 12:47:14.945root 11241100x80000000000000004030086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d3262f5bbc328a2021-12-22 12:47:14.946root 11241100x80000000000000004030087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fd978b192cbaba2021-12-22 12:47:14.946root 11241100x80000000000000004030088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229dfaf92a9afffc2021-12-22 12:47:14.946root 11241100x80000000000000004030089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe17764f57a1a5b62021-12-22 12:47:14.946root 11241100x80000000000000004030090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8d27c9cf2d7a9f2021-12-22 12:47:14.946root 11241100x80000000000000004030091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8bbd635a805ea92021-12-22 12:47:14.946root 11241100x80000000000000004030092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c221b18e47d6a68e2021-12-22 12:47:14.946root 11241100x80000000000000004030093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bdf8378bd4c7b82021-12-22 12:47:14.946root 11241100x80000000000000004030094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60ac855f5d4a3dd2021-12-22 12:47:14.946root 11241100x80000000000000004030095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26358e775a78bc12021-12-22 12:47:14.947root 11241100x80000000000000004030096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1f7f255690d92f2021-12-22 12:47:14.947root 11241100x80000000000000004030097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5e8222dff6aee82021-12-22 12:47:14.947root 11241100x80000000000000004030098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78be6a9f99eb8bb2021-12-22 12:47:14.947root 11241100x80000000000000004030099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e92008b05a5e4c22021-12-22 12:47:15.443root 11241100x80000000000000004030100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcd52bd6bdafb102021-12-22 12:47:15.443root 11241100x80000000000000004030101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4be4c961ce9fc0f2021-12-22 12:47:15.443root 11241100x80000000000000004030102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f013b2847e9fde2021-12-22 12:47:15.443root 11241100x80000000000000004030103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1117332ca40cfc22021-12-22 12:47:15.443root 11241100x80000000000000004030104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a51bcd72a8f4ee52021-12-22 12:47:15.443root 11241100x80000000000000004030105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ab71acb1adcd3b2021-12-22 12:47:15.443root 11241100x80000000000000004030106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304bb2821c8293f82021-12-22 12:47:15.443root 11241100x80000000000000004030107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a637a877aca1a7b2021-12-22 12:47:15.443root 11241100x80000000000000004030108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395d73faf3068cfe2021-12-22 12:47:15.444root 11241100x80000000000000004030109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39d79c7bcb295b2021-12-22 12:47:15.444root 11241100x80000000000000004030110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69f9ea6d7e8f472021-12-22 12:47:15.444root 11241100x80000000000000004030111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf498484d932be12021-12-22 12:47:15.444root 11241100x80000000000000004030112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283e04cd3cf1d6c82021-12-22 12:47:15.444root 11241100x80000000000000004030113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5c565e6eb7b672021-12-22 12:47:15.444root 11241100x80000000000000004030114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18596b4665adef2021-12-22 12:47:15.444root 11241100x80000000000000004030115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d149c03938c25c2021-12-22 12:47:15.444root 11241100x80000000000000004030116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ecea9deef1efc72021-12-22 12:47:15.444root 11241100x80000000000000004030117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1fb3382cb1a4ba2021-12-22 12:47:15.445root 11241100x80000000000000004030118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c1dff2ef793b312021-12-22 12:47:15.445root 11241100x80000000000000004030119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639340555f5d756e2021-12-22 12:47:15.445root 11241100x80000000000000004030120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaeb9f810e544f82021-12-22 12:47:15.445root 11241100x80000000000000004030121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c21c7cb0c22da72021-12-22 12:47:15.445root 11241100x80000000000000004030122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7733865c1ab87d2021-12-22 12:47:15.445root 11241100x80000000000000004030123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd49529c3b50edeb2021-12-22 12:47:15.445root 11241100x80000000000000004030124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211284d5ce72f75b2021-12-22 12:47:15.445root 11241100x80000000000000004030125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc9338e1fe42b3b2021-12-22 12:47:15.446root 11241100x80000000000000004030126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b831a90f52f35b232021-12-22 12:47:15.446root 11241100x80000000000000004030127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f108e6176f16ca082021-12-22 12:47:15.446root 11241100x80000000000000004030128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a06b6d6d5a6b712021-12-22 12:47:15.446root 11241100x80000000000000004030129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01e583f171f0c632021-12-22 12:47:15.446root 11241100x80000000000000004030130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5914207249c3b1842021-12-22 12:47:15.446root 11241100x80000000000000004030131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f9e04b81b2efd2021-12-22 12:47:15.942root 11241100x80000000000000004030132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2c336f4aca381f2021-12-22 12:47:15.943root 11241100x80000000000000004030133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cacae58367faa02021-12-22 12:47:15.943root 11241100x80000000000000004030134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd529ca05e5c57bc2021-12-22 12:47:15.943root 11241100x80000000000000004030135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd03da549e6866b2021-12-22 12:47:15.943root 11241100x80000000000000004030136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4297a6c22e57b8e2021-12-22 12:47:15.943root 11241100x80000000000000004030137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107435d5ff87b9c2021-12-22 12:47:15.943root 11241100x80000000000000004030138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b941e7bfab46942021-12-22 12:47:15.943root 11241100x80000000000000004030139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f2f7159d4d3b1d2021-12-22 12:47:15.943root 11241100x80000000000000004030140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f3391d3e8e1d582021-12-22 12:47:15.943root 11241100x80000000000000004030141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffadaf96fb3fb1ef2021-12-22 12:47:15.943root 11241100x80000000000000004030142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbfeb12dcdefecb2021-12-22 12:47:15.944root 11241100x80000000000000004030143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b0cb3a3cba3bd62021-12-22 12:47:15.944root 11241100x80000000000000004030144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49e48f36e63ece72021-12-22 12:47:15.944root 11241100x80000000000000004030145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e0c229a9ba49422021-12-22 12:47:15.944root 11241100x80000000000000004030146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f740172d2b5e12021-12-22 12:47:15.944root 11241100x80000000000000004030147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a243e1191191bba2021-12-22 12:47:15.944root 11241100x80000000000000004030148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b8ac2b1240dab52021-12-22 12:47:15.944root 11241100x80000000000000004030149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa4169d6c35ff42021-12-22 12:47:15.944root 11241100x80000000000000004030150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e6f0f1a4c04142021-12-22 12:47:15.944root 11241100x80000000000000004030151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b5e318eefbe2992021-12-22 12:47:15.945root 11241100x80000000000000004030152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a8aa9f8b76a8a02021-12-22 12:47:15.945root 11241100x80000000000000004030153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5030a3823e92e6a2021-12-22 12:47:15.945root 11241100x80000000000000004030154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f7cb591b79d3b02021-12-22 12:47:15.945root 11241100x80000000000000004030155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f4efa8d64770e32021-12-22 12:47:15.945root 11241100x80000000000000004030156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d220f1112f67787e2021-12-22 12:47:15.945root 11241100x80000000000000004030157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8269982b5a0c3b162021-12-22 12:47:15.945root 11241100x80000000000000004030158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42a0714736c4e22021-12-22 12:47:15.945root 11241100x80000000000000004030159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e891966036ad4f2021-12-22 12:47:15.945root 11241100x80000000000000004030160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3667b6618e944e4d2021-12-22 12:47:15.945root 11241100x80000000000000004030161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498e77133baca3062021-12-22 12:47:15.946root 11241100x80000000000000004030162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448685047cd32fc72021-12-22 12:47:15.946root 11241100x80000000000000004030163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6be7b03d6d07f2021-12-22 12:47:15.946root 11241100x80000000000000004030164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053af640e53ba0da2021-12-22 12:47:15.946root 11241100x80000000000000004030165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88165386a9f02472021-12-22 12:47:15.946root 11241100x80000000000000004030166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a415b6085c578622021-12-22 12:47:15.946root 11241100x80000000000000004030167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f0a580ed6993442021-12-22 12:47:15.946root 11241100x80000000000000004030168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089002f6a21f855e2021-12-22 12:47:15.946root 11241100x80000000000000004030169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337b5dcc3f3676912021-12-22 12:47:15.947root 11241100x80000000000000004030170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddfaa1697e1a6f42021-12-22 12:47:15.947root 11241100x80000000000000004030171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac52ddefc0f42a592021-12-22 12:47:15.947root 11241100x80000000000000004030172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862fe986df0a443e2021-12-22 12:47:15.947root 11241100x80000000000000004030173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5067f43f3a5f532021-12-22 12:47:15.947root 11241100x80000000000000004030174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18c7d6fca1975e72021-12-22 12:47:15.947root 11241100x80000000000000004030175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f70ce21fae09902021-12-22 12:47:15.947root 11241100x80000000000000004030176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91882cb3c8069e962021-12-22 12:47:15.948root 11241100x80000000000000004030177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f6a195cbf6ab582021-12-22 12:47:15.948root 11241100x80000000000000004030178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844cdd5d41ce97ca2021-12-22 12:47:15.948root 11241100x80000000000000004030179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382923ee39205f442021-12-22 12:47:15.948root 11241100x80000000000000004030180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7336a48e19b7ea302021-12-22 12:47:15.948root 11241100x80000000000000004030181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbca5c5709e95682021-12-22 12:47:15.948root 11241100x80000000000000004030182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b34800074d0d42021-12-22 12:47:15.948root 11241100x80000000000000004030183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692dafe7874c1e8c2021-12-22 12:47:15.948root 11241100x80000000000000004030184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f9d01362c1f6c32021-12-22 12:47:15.948root 11241100x80000000000000004030185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab6cf4e1d6a25992021-12-22 12:47:15.948root 11241100x80000000000000004030186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24738ec942700e82021-12-22 12:47:15.949root 11241100x80000000000000004030187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad81a4f4d904c68f2021-12-22 12:47:15.949root 11241100x80000000000000004030188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8cbbe9fe0e14852021-12-22 12:47:16.443root 11241100x80000000000000004030189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee37f59501a1b992021-12-22 12:47:16.443root 11241100x80000000000000004030190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43321f806b47671e2021-12-22 12:47:16.443root 11241100x80000000000000004030191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c09ff8878c949002021-12-22 12:47:16.443root 11241100x80000000000000004030192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc1076b42af6b012021-12-22 12:47:16.444root 11241100x80000000000000004030193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f169973646ed3c42021-12-22 12:47:16.444root 11241100x80000000000000004030194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b9873bf0cc309b2021-12-22 12:47:16.444root 11241100x80000000000000004030195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8d7c4cc2dd58682021-12-22 12:47:16.444root 11241100x80000000000000004030196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc4c4ad96a1a9652021-12-22 12:47:16.444root 11241100x80000000000000004030197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94cf8ab7be6b5042021-12-22 12:47:16.444root 11241100x80000000000000004030198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f76616f7e6aed72021-12-22 12:47:16.444root 11241100x80000000000000004030199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e66139a6126cbe2021-12-22 12:47:16.445root 11241100x80000000000000004030200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82edd407c9920e7c2021-12-22 12:47:16.445root 11241100x80000000000000004030201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486d54e5c2ea73232021-12-22 12:47:16.445root 11241100x80000000000000004030202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848020d0cec6602c2021-12-22 12:47:16.446root 11241100x80000000000000004030203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd40364ac5818c2021-12-22 12:47:16.446root 11241100x80000000000000004030204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b42ca49bb117802021-12-22 12:47:16.446root 11241100x80000000000000004030205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863164e29fd2afe62021-12-22 12:47:16.447root 11241100x80000000000000004030206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a2930e1d9b74a12021-12-22 12:47:16.447root 11241100x80000000000000004030207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e17d01ee7f456c2021-12-22 12:47:16.447root 11241100x80000000000000004030208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa9df0e0bf358302021-12-22 12:47:16.447root 11241100x80000000000000004030209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e46d720afe07ec12021-12-22 12:47:16.447root 11241100x80000000000000004030210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df88ce60068e312021-12-22 12:47:16.447root 11241100x80000000000000004030211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3af3a4689d395d82021-12-22 12:47:16.448root 11241100x80000000000000004030212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da9356884157fd42021-12-22 12:47:16.448root 11241100x80000000000000004030213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a345fa421f4146a52021-12-22 12:47:16.448root 11241100x80000000000000004030214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb04aba4b408b382021-12-22 12:47:16.449root 11241100x80000000000000004030215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e89269c101cc022021-12-22 12:47:16.449root 11241100x80000000000000004030216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f05a3b00951d72021-12-22 12:47:16.449root 11241100x80000000000000004030217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd8c3b0b189aec12021-12-22 12:47:16.449root 11241100x80000000000000004030218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0868855bbf9e3672021-12-22 12:47:16.450root 11241100x80000000000000004030219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f04445c03da042021-12-22 12:47:16.450root 11241100x80000000000000004030220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9067d07ee88d8af2021-12-22 12:47:16.450root 11241100x80000000000000004030221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50af258df30bfe682021-12-22 12:47:16.450root 11241100x80000000000000004030222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1708e357f3da1b952021-12-22 12:47:16.451root 11241100x80000000000000004030223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b7eda163a2a8562021-12-22 12:47:16.451root 11241100x80000000000000004030224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c821ed8394fa2652021-12-22 12:47:16.451root 11241100x80000000000000004030225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff608166ead8d29b2021-12-22 12:47:16.451root 11241100x80000000000000004030226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71b038fb3afdf4b2021-12-22 12:47:16.452root 11241100x80000000000000004030227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce01fdcf17c2d3e52021-12-22 12:47:16.943root 11241100x80000000000000004030228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c63ad3f8421a42021-12-22 12:47:16.943root 11241100x80000000000000004030229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cd32ee5d01a342021-12-22 12:47:16.943root 11241100x80000000000000004030230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d147bbb6e0d06652021-12-22 12:47:16.944root 11241100x80000000000000004030231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001e58873142cb22021-12-22 12:47:16.944root 11241100x80000000000000004030232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e67433863fc49162021-12-22 12:47:16.944root 11241100x80000000000000004030233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d18e6f51991c082021-12-22 12:47:16.945root 11241100x80000000000000004030234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334fbb3279d67e452021-12-22 12:47:16.945root 11241100x80000000000000004030235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888f120473e07eb2021-12-22 12:47:16.945root 11241100x80000000000000004030236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d290bdbf61814f2021-12-22 12:47:16.945root 11241100x80000000000000004030237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53437869637383ac2021-12-22 12:47:16.946root 11241100x80000000000000004030238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb4f3e46e3d7022021-12-22 12:47:16.947root 11241100x80000000000000004030239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb01781e985d60cb2021-12-22 12:47:16.948root 11241100x80000000000000004030240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea2bfbe647f99cc2021-12-22 12:47:16.948root 11241100x80000000000000004030241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ae3ad671ed70652021-12-22 12:47:16.949root 11241100x80000000000000004030242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad08e1cb91d39e9c2021-12-22 12:47:16.949root 11241100x80000000000000004030243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff393715df6bef42021-12-22 12:47:16.949root 11241100x80000000000000004030244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87ce6573ba75e332021-12-22 12:47:16.949root 11241100x80000000000000004030245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4cfb5ab04007d02021-12-22 12:47:16.950root 11241100x80000000000000004030246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422e1db9c83e1762021-12-22 12:47:16.950root 11241100x80000000000000004030247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa5af27271f8b932021-12-22 12:47:16.950root 11241100x80000000000000004030248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc349348e2cb74a2021-12-22 12:47:16.951root 11241100x80000000000000004030249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f03dc6b4d476a22021-12-22 12:47:16.951root 11241100x80000000000000004030250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e89ee4d6c89d4552021-12-22 12:47:16.951root 11241100x80000000000000004030251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e140ca5341d19b122021-12-22 12:47:16.951root 11241100x80000000000000004030252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717378df7dbf2c4f2021-12-22 12:47:16.951root 11241100x80000000000000004030253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23e47b9eb7aaf812021-12-22 12:47:16.951root 11241100x80000000000000004030254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629ebbd4957d8292021-12-22 12:47:16.951root 11241100x80000000000000004030255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ec57b1cb454182021-12-22 12:47:16.952root 11241100x80000000000000004030256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507ac0632dbd392d2021-12-22 12:47:16.952root 11241100x80000000000000004030257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d0b07705de49c2021-12-22 12:47:16.952root 11241100x80000000000000004030258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3563bdcbd69ff182021-12-22 12:47:16.952root 11241100x80000000000000004030259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340cd2498076e62d2021-12-22 12:47:16.952root 11241100x80000000000000004030260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26e1809badd88442021-12-22 12:47:16.952root 11241100x80000000000000004030261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00465d2af34cd5c12021-12-22 12:47:17.443root 11241100x80000000000000004030262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625b813d40dac1d82021-12-22 12:47:17.443root 11241100x80000000000000004030263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb1a0cdee07a9f2021-12-22 12:47:17.443root 11241100x80000000000000004030264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0861f93ba96678e02021-12-22 12:47:17.443root 11241100x80000000000000004030265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db63545149fd282021-12-22 12:47:17.444root 11241100x80000000000000004030266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568e160918548d722021-12-22 12:47:17.444root 11241100x80000000000000004030267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc65bed8575f6022021-12-22 12:47:17.444root 11241100x80000000000000004030268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2e68ff369673c2021-12-22 12:47:17.444root 11241100x80000000000000004030269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1798c39efcba602021-12-22 12:47:17.444root 11241100x80000000000000004030270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fb49c711ce8a252021-12-22 12:47:17.444root 11241100x80000000000000004030271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd400e3f20bbec2021-12-22 12:47:17.444root 11241100x80000000000000004030272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223b00197c21f2b12021-12-22 12:47:17.444root 11241100x80000000000000004030273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fb85e5f6637efc2021-12-22 12:47:17.444root 11241100x80000000000000004030274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde8ea1616c797d2021-12-22 12:47:17.444root 11241100x80000000000000004030275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e23ed9ef92d3762021-12-22 12:47:17.445root 11241100x80000000000000004030276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3744cf2ec393cb72021-12-22 12:47:17.445root 11241100x80000000000000004030277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80a0f8bf2f0ebbf2021-12-22 12:47:17.445root 11241100x80000000000000004030278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40a26dabd3c3032021-12-22 12:47:17.445root 11241100x80000000000000004030279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c91d6221c156fd32021-12-22 12:47:17.445root 11241100x80000000000000004030280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f072572cb1e9e92021-12-22 12:47:17.445root 11241100x80000000000000004030281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba8573b8c8b6ef22021-12-22 12:47:17.445root 11241100x80000000000000004030282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e1736931168cf2021-12-22 12:47:17.445root 11241100x80000000000000004030283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6402dea4d9c7e0b2021-12-22 12:47:17.446root 11241100x80000000000000004030284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae821ebc1685b7d2021-12-22 12:47:17.446root 11241100x80000000000000004030285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4641109e07e98e8e2021-12-22 12:47:17.446root 11241100x80000000000000004030286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ef77b3d1334972021-12-22 12:47:17.446root 11241100x80000000000000004030287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c83b8208fd0e812021-12-22 12:47:17.446root 11241100x80000000000000004030288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaa4f28556207ef2021-12-22 12:47:17.446root 11241100x80000000000000004030289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41ec0ba09f6e80e2021-12-22 12:47:17.446root 11241100x80000000000000004030290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9d06be43dd24fc2021-12-22 12:47:17.447root 11241100x80000000000000004030291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395335ae4a358b42021-12-22 12:47:17.447root 11241100x80000000000000004030292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4a4c2dd97436b82021-12-22 12:47:17.447root 11241100x80000000000000004030293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f005dd7ef319c0a2021-12-22 12:47:17.447root 11241100x80000000000000004030294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d25fcdc738f932021-12-22 12:47:17.447root 11241100x80000000000000004030295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd551ce3c439f2fc2021-12-22 12:47:17.447root 11241100x80000000000000004030296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071ef23f7fb09b82021-12-22 12:47:17.447root 11241100x80000000000000004030297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991b658ee82da712021-12-22 12:47:17.943root 11241100x80000000000000004030298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adff2eb52801e22021-12-22 12:47:17.943root 11241100x80000000000000004030299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5c0acb8a3779572021-12-22 12:47:17.943root 11241100x80000000000000004030300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed0f0d2509fa9b52021-12-22 12:47:17.944root 11241100x80000000000000004030301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f0fd66d2b4688b2021-12-22 12:47:17.944root 11241100x80000000000000004030302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f2b0fc86c6f622021-12-22 12:47:17.944root 11241100x80000000000000004030303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63cf78e7ec8a922021-12-22 12:47:17.944root 11241100x80000000000000004030304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02727000d57c95d72021-12-22 12:47:17.944root 11241100x80000000000000004030305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e622a4840e54cb2021-12-22 12:47:17.944root 11241100x80000000000000004030306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d43eb32a3ec06b2021-12-22 12:47:17.944root 11241100x80000000000000004030307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6491466231f06f632021-12-22 12:47:17.944root 11241100x80000000000000004030308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fc4c50ced718e52021-12-22 12:47:17.944root 11241100x80000000000000004030309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914aaefb7242f45b2021-12-22 12:47:17.945root 11241100x80000000000000004030310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1868832c92c8cc2021-12-22 12:47:17.945root 11241100x80000000000000004030311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568fec2494f52f882021-12-22 12:47:17.945root 11241100x80000000000000004030312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a6d2ff6b3f3a32021-12-22 12:47:17.945root 11241100x80000000000000004030313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cefc58f46ec3f2021-12-22 12:47:17.945root 11241100x80000000000000004030314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3f126c517d879a2021-12-22 12:47:17.945root 11241100x80000000000000004030315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de585412b299532021-12-22 12:47:17.945root 11241100x80000000000000004030316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620010419b6b60df2021-12-22 12:47:17.945root 11241100x80000000000000004030317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b4360d96c101c52021-12-22 12:47:17.945root 11241100x80000000000000004030318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f37814f43f3e16d2021-12-22 12:47:17.945root 11241100x80000000000000004030319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818378d7c9634c092021-12-22 12:47:17.946root 11241100x80000000000000004030320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cea3b13841d3e52021-12-22 12:47:17.946root 11241100x80000000000000004030321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e353a33e24b9762021-12-22 12:47:17.946root 11241100x80000000000000004030322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367b24afe50768ed2021-12-22 12:47:17.946root 11241100x80000000000000004030323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a90a3e3a177f6582021-12-22 12:47:17.946root 11241100x80000000000000004030324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7900f3c948f89ac2021-12-22 12:47:17.946root 11241100x80000000000000004030325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e193b6ceec0482021-12-22 12:47:17.946root 11241100x80000000000000004030326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2391a24dfb91652021-12-22 12:47:17.946root 11241100x80000000000000004030327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79db5a4ecf68b54e2021-12-22 12:47:17.948root 11241100x80000000000000004030328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c1ff326b2215592021-12-22 12:47:17.948root 354300x80000000000000004030329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56906-false10.0.1.12-8000- 11241100x80000000000000004030330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33e5fe27fe75ee92021-12-22 12:47:18.235root 11241100x80000000000000004030331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a88dce5b155c1102021-12-22 12:47:18.236root 11241100x80000000000000004030332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f1dc8b4c0b38ae2021-12-22 12:47:18.236root 11241100x80000000000000004030333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112eb3f81b7de0142021-12-22 12:47:18.236root 11241100x80000000000000004030334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171e0d2c29b31fb52021-12-22 12:47:18.236root 11241100x80000000000000004030335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41feef91b0d195a2021-12-22 12:47:18.236root 11241100x80000000000000004030336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459dd197257110022021-12-22 12:47:18.236root 11241100x80000000000000004030337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c3c2b5dea9c622021-12-22 12:47:18.236root 11241100x80000000000000004030338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5151cb03ee2e7492021-12-22 12:47:18.236root 11241100x80000000000000004030339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e5aedd7705f71a2021-12-22 12:47:18.236root 11241100x80000000000000004030340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e28584215a0529a2021-12-22 12:47:18.236root 11241100x80000000000000004030341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074702ca93f9153a2021-12-22 12:47:18.236root 11241100x80000000000000004030342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b33d6f233aa416b2021-12-22 12:47:18.237root 11241100x80000000000000004030343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a50c61157e4132f2021-12-22 12:47:18.237root 11241100x80000000000000004030344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8874d0baf5cc98ff2021-12-22 12:47:18.237root 11241100x80000000000000004030345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74209c5a6042f8af2021-12-22 12:47:18.237root 11241100x80000000000000004030346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b233f25ce6135e2021-12-22 12:47:18.237root 11241100x80000000000000004030347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdadddaab679ade92021-12-22 12:47:18.237root 11241100x80000000000000004030348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c1f3c3864a4dc32021-12-22 12:47:18.237root 11241100x80000000000000004030349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af52620252c476892021-12-22 12:47:18.237root 11241100x80000000000000004030350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24f94413e435f8a2021-12-22 12:47:18.237root 11241100x80000000000000004030351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5dc66dbd00f3312021-12-22 12:47:18.237root 11241100x80000000000000004030352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2eff80b8c231a72021-12-22 12:47:18.238root 11241100x80000000000000004030353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd480c539fca6c922021-12-22 12:47:18.238root 11241100x80000000000000004030354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0246fd5886b490c2021-12-22 12:47:18.238root 11241100x80000000000000004030355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ca8f68b02b2ef12021-12-22 12:47:18.238root 11241100x80000000000000004030356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d0e4ba6d5dbb4f2021-12-22 12:47:18.238root 11241100x80000000000000004030357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd4509e04bffa42021-12-22 12:47:18.238root 11241100x80000000000000004030358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a5c76b8bf660db2021-12-22 12:47:18.238root 11241100x80000000000000004030359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1f69dfc400210e2021-12-22 12:47:18.238root 11241100x80000000000000004030360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be21a3b38eae3c2021-12-22 12:47:18.239root 11241100x80000000000000004030361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f9f91e9ddc7942021-12-22 12:47:18.239root 11241100x80000000000000004030362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915508da1ea646c52021-12-22 12:47:18.239root 11241100x80000000000000004030363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce222536ca68c5842021-12-22 12:47:18.239root 11241100x80000000000000004030364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a60968271564f2021-12-22 12:47:18.239root 11241100x80000000000000004030365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f146a50b43d76d2021-12-22 12:47:18.239root 11241100x80000000000000004030366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098f5f14632360e2021-12-22 12:47:18.239root 11241100x80000000000000004030367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5a875914bbd132021-12-22 12:47:18.239root 11241100x80000000000000004030368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0352c7c80c90fa4e2021-12-22 12:47:18.693root 11241100x80000000000000004030369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26227e66371c982021-12-22 12:47:18.694root 11241100x80000000000000004030370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d8f21e56b901c12021-12-22 12:47:18.694root 11241100x80000000000000004030371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b070fded22119902021-12-22 12:47:18.694root 11241100x80000000000000004030372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b01182d3d814662021-12-22 12:47:18.694root 11241100x80000000000000004030373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c58c7e0f70fdfb2021-12-22 12:47:18.694root 11241100x80000000000000004030374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63edc2f26487e0fc2021-12-22 12:47:18.694root 11241100x80000000000000004030375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84147ce5404f2142021-12-22 12:47:18.694root 11241100x80000000000000004030376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45945c04f3b3e42021-12-22 12:47:18.694root 11241100x80000000000000004030377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f45b1b7d662b2b2021-12-22 12:47:18.695root 11241100x80000000000000004030378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eec8f2b73022552021-12-22 12:47:18.695root 11241100x80000000000000004030379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457294279b89abef2021-12-22 12:47:18.695root 11241100x80000000000000004030380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c9f56e8f397c02021-12-22 12:47:18.695root 11241100x80000000000000004030381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14175df0c8d6cfe82021-12-22 12:47:18.695root 11241100x80000000000000004030382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052dad5ab5c1770a2021-12-22 12:47:18.695root 11241100x80000000000000004030383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56a44a00ef9eac2021-12-22 12:47:18.695root 11241100x80000000000000004030384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd78b100ca22e0f2021-12-22 12:47:18.695root 11241100x80000000000000004030385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41888680da49d0492021-12-22 12:47:18.695root 11241100x80000000000000004030386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063e388b4beba2922021-12-22 12:47:18.696root 11241100x80000000000000004030387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19417e8068e5c912021-12-22 12:47:18.696root 11241100x80000000000000004030388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de55cf07e99700682021-12-22 12:47:18.696root 11241100x80000000000000004030389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef04043ff9f15552021-12-22 12:47:18.696root 11241100x80000000000000004030390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b315b2616c17002021-12-22 12:47:18.696root 11241100x80000000000000004030391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5c58f56650e382021-12-22 12:47:18.696root 11241100x80000000000000004030392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfd1117789d63132021-12-22 12:47:18.696root 11241100x80000000000000004030393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce098f45286ad0e2021-12-22 12:47:18.696root 11241100x80000000000000004030394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17720efdb34558a62021-12-22 12:47:18.696root 11241100x80000000000000004030395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2508081e930f0652021-12-22 12:47:18.696root 11241100x80000000000000004030396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e68f26b5c757f62021-12-22 12:47:18.697root 11241100x80000000000000004030397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743a8d58e7a6d51e2021-12-22 12:47:18.697root 11241100x80000000000000004030398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fca0f03da2048bc2021-12-22 12:47:18.697root 11241100x80000000000000004030399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5259e1ed36785a2021-12-22 12:47:18.697root 11241100x80000000000000004030400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b809c5488e5684e42021-12-22 12:47:18.697root 11241100x80000000000000004030401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe8ace43e1a7e42021-12-22 12:47:19.193root 11241100x80000000000000004030402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b31d6a5c398282021-12-22 12:47:19.194root 11241100x80000000000000004030403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d804dfb2271a73b2021-12-22 12:47:19.194root 11241100x80000000000000004030404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69d75110d86ce62021-12-22 12:47:19.194root 11241100x80000000000000004030405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2c53649701d2502021-12-22 12:47:19.194root 11241100x80000000000000004030406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6093eaa62c609f9b2021-12-22 12:47:19.194root 11241100x80000000000000004030407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd22eced9b274b82021-12-22 12:47:19.194root 11241100x80000000000000004030408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb28f176e61da422021-12-22 12:47:19.194root 11241100x80000000000000004030409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6912805bd181c4262021-12-22 12:47:19.194root 11241100x80000000000000004030410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a7daf04244607f2021-12-22 12:47:19.194root 11241100x80000000000000004030411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65a4b75dfc579d52021-12-22 12:47:19.194root 11241100x80000000000000004030412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb4397d55f977d2021-12-22 12:47:19.195root 11241100x80000000000000004030413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a186b25c323ef9f82021-12-22 12:47:19.195root 11241100x80000000000000004030414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bcf178997600922021-12-22 12:47:19.195root 11241100x80000000000000004030415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7036edc71d77f12021-12-22 12:47:19.195root 11241100x80000000000000004030416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d052921816460a2021-12-22 12:47:19.195root 11241100x80000000000000004030417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff917dd41ac9b62021-12-22 12:47:19.195root 11241100x80000000000000004030418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c9fff62da9774b2021-12-22 12:47:19.195root 11241100x80000000000000004030419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db5b42787b97c112021-12-22 12:47:19.195root 11241100x80000000000000004030420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12011f460d3195a2021-12-22 12:47:19.195root 11241100x80000000000000004030421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17c95e7f51796c12021-12-22 12:47:19.196root 11241100x80000000000000004030422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8462f519ccc2aab42021-12-22 12:47:19.196root 11241100x80000000000000004030423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91320e0d0e58b502021-12-22 12:47:19.196root 11241100x80000000000000004030424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcef86d61d6f2752021-12-22 12:47:19.196root 11241100x80000000000000004030425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244bf3da982c3de82021-12-22 12:47:19.196root 11241100x80000000000000004030426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a8d17fb8d99cb2021-12-22 12:47:19.196root 11241100x80000000000000004030427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba9c82436dc5b82021-12-22 12:47:19.196root 11241100x80000000000000004030428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d0acbb1187bbbf2021-12-22 12:47:19.196root 11241100x80000000000000004030429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ea25c1e6c5c002021-12-22 12:47:19.196root 11241100x80000000000000004030430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e18c5524d81c622021-12-22 12:47:19.196root 11241100x80000000000000004030431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84937d6e6c5c11ec2021-12-22 12:47:19.197root 11241100x80000000000000004030432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d1b5480d53e7ae2021-12-22 12:47:19.197root 11241100x80000000000000004030433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f9828eb485c5d32021-12-22 12:47:19.197root 534500x80000000000000004030434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.235{00000000-0000-0000-0000-000000000000}22740<unknown process>ubuntu 11241100x80000000000000004030435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.235{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.CPDrxh2021-12-22 12:47:19.235ubuntu 23542300x80000000000000004030436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.235{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.CPDrxh--- 11241100x80000000000000004030437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7a0234f32ac2622021-12-22 12:47:19.693root 11241100x80000000000000004030438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c1dc5cdb2fde312021-12-22 12:47:19.694root 11241100x80000000000000004030439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a002faec7206a92a2021-12-22 12:47:19.694root 11241100x80000000000000004030440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01ea12d94c101ab2021-12-22 12:47:19.694root 11241100x80000000000000004030441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc80aad004a9769a2021-12-22 12:47:19.695root 11241100x80000000000000004030442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290880d69c7e92e2021-12-22 12:47:19.695root 11241100x80000000000000004030443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620558df592a203d2021-12-22 12:47:19.695root 11241100x80000000000000004030444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac310243c4062a2021-12-22 12:47:19.696root 11241100x80000000000000004030445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc14fb9610737c02021-12-22 12:47:19.696root 11241100x80000000000000004030446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b913af5b9f2d5b2021-12-22 12:47:19.696root 11241100x80000000000000004030447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0011b2948ec27b892021-12-22 12:47:19.696root 11241100x80000000000000004030448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f0fc56f1b5db202021-12-22 12:47:19.696root 11241100x80000000000000004030449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4e607996fe2fb02021-12-22 12:47:19.696root 11241100x80000000000000004030450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafbb2d876a98ab02021-12-22 12:47:19.696root 11241100x80000000000000004030451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffd9a35513c33b2021-12-22 12:47:19.696root 11241100x80000000000000004030452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c6df76887b7b562021-12-22 12:47:19.696root 11241100x80000000000000004030453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cc4a71b02127972021-12-22 12:47:19.696root 11241100x80000000000000004030454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97e99515f7ab9442021-12-22 12:47:19.696root 11241100x80000000000000004030455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbacb12f2d4efb52021-12-22 12:47:19.697root 11241100x80000000000000004030456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04992a7dc24ab31e2021-12-22 12:47:19.697root 11241100x80000000000000004030457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37dc918d81d8872021-12-22 12:47:19.697root 11241100x80000000000000004030458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5203e35e95ae9562021-12-22 12:47:19.697root 11241100x80000000000000004030459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186933567eb3cc362021-12-22 12:47:19.697root 11241100x80000000000000004030460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2639fcfe43702bac2021-12-22 12:47:19.697root 11241100x80000000000000004030461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a028559b950767302021-12-22 12:47:19.697root 11241100x80000000000000004030462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503e4b39051609932021-12-22 12:47:19.697root 11241100x80000000000000004030463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc2f28716dc8ab2021-12-22 12:47:19.697root 11241100x80000000000000004030464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525bdacfa75f54c52021-12-22 12:47:19.697root 11241100x80000000000000004030465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbf79e86a9bdc532021-12-22 12:47:19.698root 11241100x80000000000000004030466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f36218a959fc8f2021-12-22 12:47:19.698root 11241100x80000000000000004030467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e44fc130a31db2a2021-12-22 12:47:19.698root 11241100x80000000000000004030468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d12e5800f1e7592021-12-22 12:47:19.698root 11241100x80000000000000004030469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0733c51b3af0d4d32021-12-22 12:47:19.698root 11241100x80000000000000004030470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6da9dee07cd512021-12-22 12:47:19.698root 11241100x80000000000000004030471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6911125ba062d452021-12-22 12:47:19.698root 11241100x80000000000000004030472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2951ba0381450d62021-12-22 12:47:19.698root 11241100x80000000000000004030473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93246e40253c9fdd2021-12-22 12:47:19.698root 11241100x80000000000000004030474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9275c58ed6e7fecf2021-12-22 12:47:19.698root 11241100x80000000000000004030475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1eb311c15d6b5c2021-12-22 12:47:20.193root 11241100x80000000000000004030476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f531e17c15ad6c3e2021-12-22 12:47:20.193root 11241100x80000000000000004030477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3673cae07236b2021-12-22 12:47:20.193root 11241100x80000000000000004030478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94440b7f723f7c8b2021-12-22 12:47:20.193root 11241100x80000000000000004030479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8586948cff70332021-12-22 12:47:20.193root 11241100x80000000000000004030480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e1d65d5678ff52021-12-22 12:47:20.194root 11241100x80000000000000004030481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dd0d63a6df3c3c2021-12-22 12:47:20.194root 11241100x80000000000000004030482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b72a18bf7bcbac2021-12-22 12:47:20.194root 11241100x80000000000000004030483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17309fbdbb2ebbb2021-12-22 12:47:20.194root 11241100x80000000000000004030484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381fa8b52c9f82b02021-12-22 12:47:20.194root 11241100x80000000000000004030485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff06319b790321012021-12-22 12:47:20.194root 11241100x80000000000000004030486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf725b8fa9b2f902021-12-22 12:47:20.194root 11241100x80000000000000004030487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8034e58bb00a07be2021-12-22 12:47:20.194root 11241100x80000000000000004030488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f178b818796c5c52021-12-22 12:47:20.194root 11241100x80000000000000004030489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb0c0f5c7ced8d42021-12-22 12:47:20.194root 11241100x80000000000000004030490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aede345dcc37d972021-12-22 12:47:20.194root 11241100x80000000000000004030491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe694d68b25b8e2021-12-22 12:47:20.195root 11241100x80000000000000004030492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763f6d3dc67b702c2021-12-22 12:47:20.195root 11241100x80000000000000004030493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abcd078ae77c34d2021-12-22 12:47:20.195root 11241100x80000000000000004030494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92de93a94f564812021-12-22 12:47:20.195root 11241100x80000000000000004030495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c597fb7e5ac7c2021-12-22 12:47:20.195root 11241100x80000000000000004030496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589db5613634ba612021-12-22 12:47:20.195root 11241100x80000000000000004030497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70dca4cca10fa72021-12-22 12:47:20.195root 11241100x80000000000000004030498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c30cf1f87daca12021-12-22 12:47:20.195root 11241100x80000000000000004030499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77544bc2d23bef132021-12-22 12:47:20.195root 11241100x80000000000000004030500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a876e9298f47002021-12-22 12:47:20.195root 11241100x80000000000000004030501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d894d4f188f4f52021-12-22 12:47:20.196root 11241100x80000000000000004030502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8869c96a305f4f22021-12-22 12:47:20.196root 11241100x80000000000000004030503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf2f7e7b5c8d2e22021-12-22 12:47:20.196root 11241100x80000000000000004030504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d68a6c84581cfc2021-12-22 12:47:20.196root 11241100x80000000000000004030505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57965b189b934fcf2021-12-22 12:47:20.196root 11241100x80000000000000004030506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17a3f82b1eeb8a12021-12-22 12:47:20.196root 11241100x80000000000000004030507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4972b1126c998e352021-12-22 12:47:20.196root 11241100x80000000000000004030508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c10f89706536f7c2021-12-22 12:47:20.196root 11241100x80000000000000004030509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7cce407c16dcf2021-12-22 12:47:20.197root 11241100x80000000000000004030510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e9b096b868b1f2021-12-22 12:47:20.197root 11241100x80000000000000004030511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6544bd90988bd872021-12-22 12:47:20.693root 11241100x80000000000000004030512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2d396d9dbf77fa2021-12-22 12:47:20.693root 11241100x80000000000000004030513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd2cfcbe64f8f312021-12-22 12:47:20.693root 11241100x80000000000000004030514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f49bbcc57d9f7482021-12-22 12:47:20.693root 11241100x80000000000000004030515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6132748944881c342021-12-22 12:47:20.693root 11241100x80000000000000004030516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af6a923aa686ec2021-12-22 12:47:20.694root 11241100x80000000000000004030517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616d52df62fc6c882021-12-22 12:47:20.694root 11241100x80000000000000004030518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e2647e640aa0832021-12-22 12:47:20.694root 11241100x80000000000000004030519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903c52d6bbbaf8e2021-12-22 12:47:20.694root 11241100x80000000000000004030520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb5a2fc629e06672021-12-22 12:47:20.694root 11241100x80000000000000004030521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a5aa8cdfd56de2021-12-22 12:47:20.694root 11241100x80000000000000004030522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb10e18660d2452021-12-22 12:47:20.694root 11241100x80000000000000004030523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e60cd166e8ad2c72021-12-22 12:47:20.694root 11241100x80000000000000004030524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683ae76562095902021-12-22 12:47:20.694root 11241100x80000000000000004030525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859394be9eb8c6ee2021-12-22 12:47:20.695root 11241100x80000000000000004030526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8865fc6d95dff0c32021-12-22 12:47:20.695root 11241100x80000000000000004030527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cc3bd9fb16e6252021-12-22 12:47:20.695root 11241100x80000000000000004030528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c454393a2082ee2021-12-22 12:47:20.695root 11241100x80000000000000004030529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46736d30cc17792021-12-22 12:47:20.695root 11241100x80000000000000004030530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfe27ea27b326fe2021-12-22 12:47:20.695root 11241100x80000000000000004030531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735d49227b52d1cf2021-12-22 12:47:20.695root 11241100x80000000000000004030532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec7a4c24ec46622021-12-22 12:47:20.695root 11241100x80000000000000004030533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91324594cb6963712021-12-22 12:47:20.695root 11241100x80000000000000004030534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964cb7656868e042021-12-22 12:47:20.695root 11241100x80000000000000004030535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5945d951adef8c2021-12-22 12:47:20.696root 11241100x80000000000000004030536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c496c678a5b439152021-12-22 12:47:20.696root 11241100x80000000000000004030537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e5ace68b6550eb2021-12-22 12:47:20.696root 11241100x80000000000000004030538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb3575b274b60b22021-12-22 12:47:20.696root 11241100x80000000000000004030539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8f3e041af0ac2c2021-12-22 12:47:20.696root 11241100x80000000000000004030540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81a022620620b3a2021-12-22 12:47:20.696root 11241100x80000000000000004030541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af56f505a6768fe2021-12-22 12:47:20.696root 11241100x80000000000000004030542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59177e48e9955dc52021-12-22 12:47:20.696root 11241100x80000000000000004030543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7511dcda4da3a57d2021-12-22 12:47:20.696root 11241100x80000000000000004030544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b66a50d815e73d62021-12-22 12:47:20.697root 11241100x80000000000000004030545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d82df1856222d02021-12-22 12:47:20.697root 11241100x80000000000000004030546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4534600c9247ae92021-12-22 12:47:20.697root 11241100x80000000000000004030547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608909d552acf7e72021-12-22 12:47:20.697root 11241100x80000000000000004030548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749d07fec6dd4462021-12-22 12:47:21.193root 11241100x80000000000000004030549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11519c28c3f8717f2021-12-22 12:47:21.193root 11241100x80000000000000004030550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a33ee4e8d2ef62021-12-22 12:47:21.193root 11241100x80000000000000004030551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67e4b649a28c36d2021-12-22 12:47:21.193root 11241100x80000000000000004030552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadbfb6a220bf5fb2021-12-22 12:47:21.194root 11241100x80000000000000004030553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82847d1179f56f82021-12-22 12:47:21.194root 11241100x80000000000000004030554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b6b3770fe70002021-12-22 12:47:21.194root 11241100x80000000000000004030555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96668707f33370632021-12-22 12:47:21.194root 11241100x80000000000000004030556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dea7bc521e9f442021-12-22 12:47:21.194root 11241100x80000000000000004030557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5801a4d3e5cd878b2021-12-22 12:47:21.194root 11241100x80000000000000004030558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bd2d1ce0de4dcd2021-12-22 12:47:21.194root 11241100x80000000000000004030559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e0ada96bd83da12021-12-22 12:47:21.194root 11241100x80000000000000004030560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12e8a4519fadc832021-12-22 12:47:21.194root 11241100x80000000000000004030561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c1eed11a81e87a2021-12-22 12:47:21.194root 11241100x80000000000000004030562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ede7a485064dab2021-12-22 12:47:21.195root 11241100x80000000000000004030563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048fdf61582991eb2021-12-22 12:47:21.195root 11241100x80000000000000004030564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821b6172c3129f702021-12-22 12:47:21.195root 11241100x80000000000000004030565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa66f47af8e03322021-12-22 12:47:21.195root 11241100x80000000000000004030566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b26e9854868c432021-12-22 12:47:21.195root 11241100x80000000000000004030567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8923a487f7a2173f2021-12-22 12:47:21.195root 11241100x80000000000000004030568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b75801e42c8f4b2021-12-22 12:47:21.195root 11241100x80000000000000004030569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6947d5590926a22021-12-22 12:47:21.195root 11241100x80000000000000004030570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9334bb6eb46b596b2021-12-22 12:47:21.195root 11241100x80000000000000004030571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f232d4fe07015e2021-12-22 12:47:21.196root 11241100x80000000000000004030572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a00cc3493c45612021-12-22 12:47:21.196root 11241100x80000000000000004030573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fbc6e56dc964fb2021-12-22 12:47:21.196root 11241100x80000000000000004030574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faec389c229d91d72021-12-22 12:47:21.196root 11241100x80000000000000004030575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44eba3704797c4b2021-12-22 12:47:21.196root 11241100x80000000000000004030576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b19da9f4b61d182021-12-22 12:47:21.196root 11241100x80000000000000004030577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec6e546fbf39a5c2021-12-22 12:47:21.196root 11241100x80000000000000004030578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e0fc99bba4b762021-12-22 12:47:21.196root 11241100x80000000000000004030579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49eb9690e65e1e52021-12-22 12:47:21.196root 11241100x80000000000000004030580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d5d4c778c14a202021-12-22 12:47:21.197root 11241100x80000000000000004030581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f384be392f4e8dd62021-12-22 12:47:21.197root 11241100x80000000000000004030582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968a02d8a7b17a492021-12-22 12:47:21.197root 11241100x80000000000000004030583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12854ab5c5dacd462021-12-22 12:47:21.197root 534500x80000000000000004030584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.362{00000000-0000-0000-0000-000000000000}22741<unknown process>ubuntu 11241100x80000000000000004030585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.362{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.kSTMbp2021-12-22 12:47:21.362ubuntu 23542300x80000000000000004030586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.362{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.kSTMbp--- 11241100x80000000000000004030587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d97dddc9fd82222021-12-22 12:47:21.693root 11241100x80000000000000004030588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c81ed0d8e7860b82021-12-22 12:47:21.693root 11241100x80000000000000004030589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dbcb922fa9fdf62021-12-22 12:47:21.693root 11241100x80000000000000004030590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a7e3671dfb78162021-12-22 12:47:21.693root 11241100x80000000000000004030591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88388d38e7f60a12021-12-22 12:47:21.693root 11241100x80000000000000004030592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1955c459374f70a2021-12-22 12:47:21.693root 11241100x80000000000000004030593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d610c117e68aa7f2021-12-22 12:47:21.693root 11241100x80000000000000004030594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6d3e1f47f6f9d62021-12-22 12:47:21.693root 11241100x80000000000000004030595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd756e78504dad2021-12-22 12:47:21.694root 11241100x80000000000000004030596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d806d5f7a4233292021-12-22 12:47:21.694root 11241100x80000000000000004030597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d855b826a502672021-12-22 12:47:21.694root 11241100x80000000000000004030598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ccf912c85c3fb2021-12-22 12:47:21.695root 11241100x80000000000000004030599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bcaf25e9b2e7102021-12-22 12:47:21.695root 11241100x80000000000000004030600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648668e104d5d66f2021-12-22 12:47:21.695root 11241100x80000000000000004030601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561982475ed047a2021-12-22 12:47:21.695root 11241100x80000000000000004030602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8ea3a58b69d5512021-12-22 12:47:21.695root 11241100x80000000000000004030603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc3e860f25846d2021-12-22 12:47:21.695root 11241100x80000000000000004030604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c5f64933c9f0872021-12-22 12:47:21.695root 11241100x80000000000000004030605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1c174ef98870c52021-12-22 12:47:21.695root 11241100x80000000000000004030606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ef17f66a063322021-12-22 12:47:21.696root 11241100x80000000000000004030607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6308c849ea479062021-12-22 12:47:21.696root 11241100x80000000000000004030608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6061012d4362c842021-12-22 12:47:21.696root 11241100x80000000000000004030609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a2cbe7ce6ee1822021-12-22 12:47:21.696root 11241100x80000000000000004030610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c03b3460d6d202021-12-22 12:47:21.696root 11241100x80000000000000004030611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f954227d5c8b31622021-12-22 12:47:21.696root 11241100x80000000000000004030612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a163e9f3a0d44a0c2021-12-22 12:47:21.696root 11241100x80000000000000004030613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aee9a117163dd82021-12-22 12:47:21.697root 11241100x80000000000000004030614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677938df4f5e0c7e2021-12-22 12:47:21.697root 11241100x80000000000000004030615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ee71a2964560862021-12-22 12:47:21.697root 11241100x80000000000000004030616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d070deb030edc62021-12-22 12:47:21.697root 11241100x80000000000000004030617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321b859f3caf1e312021-12-22 12:47:21.698root 11241100x80000000000000004030618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed28a42bf33a0222021-12-22 12:47:21.698root 11241100x80000000000000004030619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab91c12e8b2837f2021-12-22 12:47:21.698root 11241100x80000000000000004030620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0abc9a94eb9ce362021-12-22 12:47:21.698root 11241100x80000000000000004030621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8098759856068b352021-12-22 12:47:21.699root 11241100x80000000000000004030622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db486af727b9c02021-12-22 12:47:21.699root 11241100x80000000000000004030623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9656fc1fffa251802021-12-22 12:47:21.699root 11241100x80000000000000004030624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3b4cb39b5bb48c2021-12-22 12:47:21.699root 11241100x80000000000000004030625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a419fc27c952f2021-12-22 12:47:21.699root 11241100x80000000000000004030626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfc45a22d2487b42021-12-22 12:47:21.700root 11241100x80000000000000004030627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301f00649282fa22021-12-22 12:47:21.700root 11241100x80000000000000004030628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cbc3bf3fb7c7312021-12-22 12:47:21.700root 11241100x80000000000000004030629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebce8bb5dfe58192021-12-22 12:47:21.701root 11241100x80000000000000004030630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5faa50804bb942021-12-22 12:47:22.193root 11241100x80000000000000004030631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba039a51ccd7a3fd2021-12-22 12:47:22.193root 11241100x80000000000000004030632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc80dcc788594de2021-12-22 12:47:22.193root 11241100x80000000000000004030633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42214a2e78721e702021-12-22 12:47:22.193root 11241100x80000000000000004030634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279dc3ad1913d2ca2021-12-22 12:47:22.194root 11241100x80000000000000004030635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79fd3149f04ea02021-12-22 12:47:22.194root 11241100x80000000000000004030636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd6cc1c49824f522021-12-22 12:47:22.194root 11241100x80000000000000004030637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2dfc9417cb3e4d2021-12-22 12:47:22.194root 11241100x80000000000000004030638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db911d78d0aa6ba2021-12-22 12:47:22.195root 11241100x80000000000000004030639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26ce9b44dd980692021-12-22 12:47:22.195root 11241100x80000000000000004030640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fc0d46ad702e552021-12-22 12:47:22.195root 11241100x80000000000000004030641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e1db70da09d8b2021-12-22 12:47:22.195root 11241100x80000000000000004030642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d69223fd6736d42021-12-22 12:47:22.196root 11241100x80000000000000004030643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d819cd72887db3772021-12-22 12:47:22.196root 11241100x80000000000000004030644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba718b3bc3f6ef02021-12-22 12:47:22.196root 11241100x80000000000000004030645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a936bfab56bfd22021-12-22 12:47:22.196root 11241100x80000000000000004030646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f131f3b676446892021-12-22 12:47:22.196root 11241100x80000000000000004030647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc2f1f0880f98952021-12-22 12:47:22.197root 11241100x80000000000000004030648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdbab8b01366d062021-12-22 12:47:22.197root 11241100x80000000000000004030649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761b56156ac2af42021-12-22 12:47:22.197root 11241100x80000000000000004030650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e24eed7ceb9e62021-12-22 12:47:22.197root 11241100x80000000000000004030651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f5aea60b46eea2021-12-22 12:47:22.198root 11241100x80000000000000004030652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab5b49b53f7ee222021-12-22 12:47:22.198root 11241100x80000000000000004030653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e790a7dc09bb3f2021-12-22 12:47:22.198root 11241100x80000000000000004030654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1348fa71ff4675f02021-12-22 12:47:22.198root 11241100x80000000000000004030655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5932db4691d545f62021-12-22 12:47:22.198root 11241100x80000000000000004030656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e13a020b8e5bbe2021-12-22 12:47:22.199root 11241100x80000000000000004030657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f85ded4270dc792021-12-22 12:47:22.199root 11241100x80000000000000004030658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0dac5c3fac583e2021-12-22 12:47:22.199root 11241100x80000000000000004030659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1a7fe15f9f4f52021-12-22 12:47:22.199root 11241100x80000000000000004030660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c1494642757252021-12-22 12:47:22.200root 11241100x80000000000000004030661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec85b4b8a2922db2021-12-22 12:47:22.200root 11241100x80000000000000004030662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03704c5dc42f88cd2021-12-22 12:47:22.200root 11241100x80000000000000004030663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ff0366f5b6dbb92021-12-22 12:47:22.200root 11241100x80000000000000004030664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84379f91abbfcf52021-12-22 12:47:22.200root 11241100x80000000000000004030665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d12d8d9da0b8e42021-12-22 12:47:22.201root 11241100x80000000000000004030666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a4891abfb423d2021-12-22 12:47:22.201root 11241100x80000000000000004030667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df29aa786c011cc22021-12-22 12:47:22.202root 11241100x80000000000000004030668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab117ba6e55379532021-12-22 12:47:22.202root 11241100x80000000000000004030669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3f7e50a67bc8f32021-12-22 12:47:22.202root 11241100x80000000000000004030670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8760e84dfd1bcee2021-12-22 12:47:22.202root 11241100x80000000000000004030671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750c4f007b4e7e182021-12-22 12:47:22.202root 11241100x80000000000000004030672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8781ac76498c32021-12-22 12:47:22.203root 11241100x80000000000000004030673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b4f9543e72e0b62021-12-22 12:47:22.203root 11241100x80000000000000004030674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392b10992d8fe4c52021-12-22 12:47:22.203root 11241100x80000000000000004030675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d3585f791dadb92021-12-22 12:47:22.693root 11241100x80000000000000004030676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128fe99aa7edcf72021-12-22 12:47:22.693root 11241100x80000000000000004030677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713341d803d33d112021-12-22 12:47:22.693root 11241100x80000000000000004030678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2641f3ed1bea982021-12-22 12:47:22.693root 11241100x80000000000000004030679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525510f23609e1662021-12-22 12:47:22.694root 11241100x80000000000000004030680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ac2b1375f19c22021-12-22 12:47:22.694root 11241100x80000000000000004030681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be3204c26e6f48c2021-12-22 12:47:22.694root 11241100x80000000000000004030682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fa54c3d0f8efd32021-12-22 12:47:22.694root 11241100x80000000000000004030683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9ea58909fcd0822021-12-22 12:47:22.694root 11241100x80000000000000004030684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce6feae80669f6e2021-12-22 12:47:22.695root 11241100x80000000000000004030685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624c903cf1d5bf5b2021-12-22 12:47:22.695root 11241100x80000000000000004030686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd45eb50e98f78122021-12-22 12:47:22.695root 11241100x80000000000000004030687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f64025bcc03e372021-12-22 12:47:22.695root 11241100x80000000000000004030688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a519e974677c872021-12-22 12:47:22.696root 11241100x80000000000000004030689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4368e11568d29cd2021-12-22 12:47:22.696root 11241100x80000000000000004030690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11ebd8c29f0f3c72021-12-22 12:47:22.696root 11241100x80000000000000004030691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be0cab591a68512021-12-22 12:47:22.696root 11241100x80000000000000004030692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346f773ce3d13b3a2021-12-22 12:47:22.696root 11241100x80000000000000004030693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87534411a19eacf42021-12-22 12:47:22.697root 11241100x80000000000000004030694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0859a894626806712021-12-22 12:47:22.697root 11241100x80000000000000004030695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3baf089b05766b42021-12-22 12:47:22.697root 11241100x80000000000000004030696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1366e976537986662021-12-22 12:47:22.697root 11241100x80000000000000004030697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da0b3b8fbac66942021-12-22 12:47:22.697root 11241100x80000000000000004030698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d552be0594162e42021-12-22 12:47:22.697root 11241100x80000000000000004030699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661c4850a96237ad2021-12-22 12:47:22.697root 11241100x80000000000000004030700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddf8eb8f5426bbc2021-12-22 12:47:22.697root 11241100x80000000000000004030701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1409333ac6cc88ff2021-12-22 12:47:22.697root 11241100x80000000000000004030702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33259540563da9112021-12-22 12:47:22.697root 11241100x80000000000000004030703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f68c6f11605a12021-12-22 12:47:22.697root 11241100x80000000000000004030704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f669c3c8e124dc42021-12-22 12:47:22.698root 11241100x80000000000000004030705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363c4523bceda492021-12-22 12:47:22.698root 11241100x80000000000000004030706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d0cefa218c4642021-12-22 12:47:22.698root 11241100x80000000000000004030707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea81c93e33a2a352021-12-22 12:47:22.698root 11241100x80000000000000004030708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba9b28c111002b62021-12-22 12:47:22.698root 11241100x80000000000000004030709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3aa596e005a3302021-12-22 12:47:22.698root 11241100x80000000000000004030710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a840bc9193fc22021-12-22 12:47:22.698root 11241100x80000000000000004030711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d82b665c1de1b0d2021-12-22 12:47:22.698root 11241100x80000000000000004030712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22f822f54f4472c2021-12-22 12:47:22.698root 11241100x80000000000000004030713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e79074f22703a2021-12-22 12:47:22.699root 11241100x80000000000000004030714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffc85b97aee41652021-12-22 12:47:23.193root 11241100x80000000000000004030715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41588a3cdba48de62021-12-22 12:47:23.193root 11241100x80000000000000004030716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472090ddf37188332021-12-22 12:47:23.194root 11241100x80000000000000004030717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a996a84e4adf32021-12-22 12:47:23.194root 11241100x80000000000000004030718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd00328a4eee7282021-12-22 12:47:23.194root 11241100x80000000000000004030719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abccb252181b0c542021-12-22 12:47:23.194root 11241100x80000000000000004030720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52addfc32a9dcb1a2021-12-22 12:47:23.194root 11241100x80000000000000004030721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f34f6dd7a0811092021-12-22 12:47:23.195root 11241100x80000000000000004030722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791af3a2382021222021-12-22 12:47:23.195root 11241100x80000000000000004030723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b556bf6481249e2021-12-22 12:47:23.195root 11241100x80000000000000004030724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9365c70187d3162021-12-22 12:47:23.196root 11241100x80000000000000004030725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e337131f83cf2b2021-12-22 12:47:23.196root 11241100x80000000000000004030726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a60508ed8f0bb12021-12-22 12:47:23.196root 11241100x80000000000000004030727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dac07ff519550282021-12-22 12:47:23.196root 11241100x80000000000000004030728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997d0b4ed760a8dd2021-12-22 12:47:23.196root 11241100x80000000000000004030729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1e6aea2d20e55c2021-12-22 12:47:23.197root 11241100x80000000000000004030730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c72e43d8daf0622021-12-22 12:47:23.197root 11241100x80000000000000004030731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926ff3271866bf662021-12-22 12:47:23.197root 11241100x80000000000000004030732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8773d2785361159e2021-12-22 12:47:23.197root 11241100x80000000000000004030733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24f1772ad9498e22021-12-22 12:47:23.198root 11241100x80000000000000004030734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28b55d703175092021-12-22 12:47:23.198root 11241100x80000000000000004030735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9febe9db5f6af02f2021-12-22 12:47:23.198root 11241100x80000000000000004030736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2375d18bd9c260b2021-12-22 12:47:23.198root 11241100x80000000000000004030737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fce3f15f74f740a2021-12-22 12:47:23.198root 11241100x80000000000000004030738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883f58a1e454cb72021-12-22 12:47:23.199root 11241100x80000000000000004030739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbade630cfb7a7262021-12-22 12:47:23.199root 11241100x80000000000000004030740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b1f7d4a816bfd52021-12-22 12:47:23.199root 11241100x80000000000000004030741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0c368a1d3fecbd2021-12-22 12:47:23.199root 11241100x80000000000000004030742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4722aa31da1ac42021-12-22 12:47:23.199root 11241100x80000000000000004030743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b905b0522c5090b22021-12-22 12:47:23.199root 11241100x80000000000000004030744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8121938c9e668c9a2021-12-22 12:47:23.200root 11241100x80000000000000004030745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a503ee38b653d4262021-12-22 12:47:23.200root 11241100x80000000000000004030746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8badcf33c59c8d8b2021-12-22 12:47:23.200root 11241100x80000000000000004030747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36722522f2edda2021-12-22 12:47:23.200root 11241100x80000000000000004030748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d57519490f0a192021-12-22 12:47:23.200root 11241100x80000000000000004030749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d518fe031a330a2021-12-22 12:47:23.200root 11241100x80000000000000004030750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004cf6f5cfaaf0382021-12-22 12:47:23.200root 11241100x80000000000000004030751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bf96c5d2f29e142021-12-22 12:47:23.200root 11241100x80000000000000004030752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485b8a0fae503bb2021-12-22 12:47:23.200root 11241100x80000000000000004030753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec356efee5464fe2021-12-22 12:47:23.200root 11241100x80000000000000004030754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892a20ca0600a7a22021-12-22 12:47:23.201root 11241100x80000000000000004030755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f523d680bc166412021-12-22 12:47:23.201root 11241100x80000000000000004030756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05820c0ddc762da2021-12-22 12:47:23.693root 11241100x80000000000000004030757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773ab769bf15e9122021-12-22 12:47:23.693root 11241100x80000000000000004030758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b43ca97e87bab92021-12-22 12:47:23.694root 11241100x80000000000000004030759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6406f5bc02c222021-12-22 12:47:23.694root 11241100x80000000000000004030760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e622f09b6b9be2021-12-22 12:47:23.694root 11241100x80000000000000004030761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ef9d0517ee24222021-12-22 12:47:23.694root 11241100x80000000000000004030762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dd7a0a9cba5e9c2021-12-22 12:47:23.694root 11241100x80000000000000004030763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcf17fa1fd73b812021-12-22 12:47:23.694root 11241100x80000000000000004030764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c42da51e0731ee2021-12-22 12:47:23.694root 11241100x80000000000000004030765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b94099df53ceb312021-12-22 12:47:23.694root 11241100x80000000000000004030766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b413c064e10cf2021-12-22 12:47:23.694root 11241100x80000000000000004030767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d111b830f227b49c2021-12-22 12:47:23.694root 11241100x80000000000000004030768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf686cbfabec629b2021-12-22 12:47:23.695root 11241100x80000000000000004030769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2a06196be42da22021-12-22 12:47:23.695root 11241100x80000000000000004030770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fada61424c27c3a2021-12-22 12:47:23.695root 11241100x80000000000000004030771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2624cf15d6a5712021-12-22 12:47:23.695root 11241100x80000000000000004030772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddde793324602dd2021-12-22 12:47:23.695root 11241100x80000000000000004030773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544f92001c3d89762021-12-22 12:47:23.695root 11241100x80000000000000004030774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8015059cd3c0c37c2021-12-22 12:47:23.695root 11241100x80000000000000004030775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ed4caa392c0652021-12-22 12:47:23.695root 11241100x80000000000000004030776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a7dc3c60ba2a4b2021-12-22 12:47:23.695root 11241100x80000000000000004030777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ce58ac9df83602021-12-22 12:47:23.695root 11241100x80000000000000004030778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886dfa06c9507b502021-12-22 12:47:23.695root 11241100x80000000000000004030779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f00c7f0cf97cd62021-12-22 12:47:23.696root 11241100x80000000000000004030780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3438f94c558f0a2021-12-22 12:47:23.696root 11241100x80000000000000004030781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01fa5bd781a1ebd2021-12-22 12:47:23.696root 11241100x80000000000000004030782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d482621e0629d9b32021-12-22 12:47:23.696root 11241100x80000000000000004030783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d3d1646e8004e12021-12-22 12:47:23.696root 11241100x80000000000000004030784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b59b458612e5c852021-12-22 12:47:23.696root 11241100x80000000000000004030785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b95e810499437af2021-12-22 12:47:23.696root 11241100x80000000000000004030786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc36d10a9e82d8c2021-12-22 12:47:23.696root 11241100x80000000000000004030787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6b345c745a4712021-12-22 12:47:23.696root 11241100x80000000000000004030788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b4d807ff19e8c2021-12-22 12:47:23.696root 11241100x80000000000000004030789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c22cd364e902c732021-12-22 12:47:23.697root 11241100x80000000000000004030790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a917324883e8f23c2021-12-22 12:47:23.697root 11241100x80000000000000004030791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dd70e9dac3824e2021-12-22 12:47:23.697root 11241100x80000000000000004030792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b1b64fee1e99d32021-12-22 12:47:23.697root 11241100x80000000000000004030793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98865f93fb716722021-12-22 12:47:23.697root 11241100x80000000000000004030794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63ea628d0f16572021-12-22 12:47:23.697root 11241100x80000000000000004030795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1f69a7905a06692021-12-22 12:47:23.697root 11241100x80000000000000004030796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28978cae553f5aea2021-12-22 12:47:23.697root 11241100x80000000000000004030797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d74caaa7a5136a2021-12-22 12:47:23.697root 11241100x80000000000000004030798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5eba1c95ca55422021-12-22 12:47:23.697root 354300x80000000000000004030799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56908-false10.0.1.12-8000- 11241100x80000000000000004030800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650c45308c6e097d2021-12-22 12:47:24.114root 11241100x80000000000000004030801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eda30aad7d475a2021-12-22 12:47:24.115root 11241100x80000000000000004030802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0b4e75522fec8e2021-12-22 12:47:24.115root 11241100x80000000000000004030803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef8914cc5e1bbe52021-12-22 12:47:24.116root 11241100x80000000000000004030804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a5ecc9ac3dcc02021-12-22 12:47:24.116root 11241100x80000000000000004030805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9444f3d6189416db2021-12-22 12:47:24.116root 11241100x80000000000000004030806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a70bfbd5f27b4652021-12-22 12:47:24.116root 11241100x80000000000000004030807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf868aaaa7fba262021-12-22 12:47:24.117root 11241100x80000000000000004030808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d2a8ef3452d062021-12-22 12:47:24.118root 11241100x80000000000000004030809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef071d7a1575690e2021-12-22 12:47:24.118root 11241100x80000000000000004030810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf1b44d05aa99492021-12-22 12:47:24.118root 11241100x80000000000000004030811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5e28a553be3d02021-12-22 12:47:24.119root 11241100x80000000000000004030812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051812e105b2d4302021-12-22 12:47:24.119root 11241100x80000000000000004030813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8f023f59ac33fa2021-12-22 12:47:24.119root 11241100x80000000000000004030814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccea3f91da8ad04a2021-12-22 12:47:24.119root 11241100x80000000000000004030815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9864d3cff11b0fcd2021-12-22 12:47:24.119root 11241100x80000000000000004030816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105d452e3e517302021-12-22 12:47:24.119root 11241100x80000000000000004030817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d615ee35b222c42021-12-22 12:47:24.119root 11241100x80000000000000004030818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d6c6047af816822021-12-22 12:47:24.120root 11241100x80000000000000004030819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2465ff097d9141332021-12-22 12:47:24.120root 11241100x80000000000000004030820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c967658ab7c222021-12-22 12:47:24.120root 11241100x80000000000000004030821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab1d330eda81b4c2021-12-22 12:47:24.120root 11241100x80000000000000004030822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaf867a48c24b2f2021-12-22 12:47:24.120root 11241100x80000000000000004030823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf02bf4ce983cfd2021-12-22 12:47:24.120root 11241100x80000000000000004030824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6adf3f6f34999662021-12-22 12:47:24.120root 11241100x80000000000000004030825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa176cf330a567d92021-12-22 12:47:24.120root 11241100x80000000000000004030826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad66842cc263302021-12-22 12:47:24.120root 11241100x80000000000000004030827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3fed44387438212021-12-22 12:47:24.120root 11241100x80000000000000004030828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2b5732545509382021-12-22 12:47:24.120root 11241100x80000000000000004030829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d112a5b45c0ca92021-12-22 12:47:24.120root 11241100x80000000000000004030830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14cdea532efe0a22021-12-22 12:47:24.120root 11241100x80000000000000004030831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84276da2bcd824112021-12-22 12:47:24.120root 11241100x80000000000000004030832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509d6d3ce46ad932021-12-22 12:47:24.120root 11241100x80000000000000004030833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b97a4ce32fb312021-12-22 12:47:24.121root 11241100x80000000000000004030834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75acce9af8c56d22021-12-22 12:47:24.121root 11241100x80000000000000004030835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50072f0640672cd72021-12-22 12:47:24.121root 11241100x80000000000000004030836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aaebd53049622f2021-12-22 12:47:24.121root 11241100x80000000000000004030837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4238d46dab681f22021-12-22 12:47:24.121root 11241100x80000000000000004030838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd5711c998ed032021-12-22 12:47:24.121root 11241100x80000000000000004030839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7273fb7e727cbf2021-12-22 12:47:24.121root 11241100x80000000000000004030840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b983b4e97f055a2021-12-22 12:47:24.121root 11241100x80000000000000004030841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0f907e667222c72021-12-22 12:47:24.121root 11241100x80000000000000004030842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e48384b2be597c72021-12-22 12:47:24.121root 11241100x80000000000000004030843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332bb2aab670660c2021-12-22 12:47:24.121root 11241100x80000000000000004030844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23444de882178692021-12-22 12:47:24.122root 11241100x80000000000000004030845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38dbc1249ea4fc2021-12-22 12:47:24.443root 11241100x80000000000000004030846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6096261ada71cc182021-12-22 12:47:24.443root 11241100x80000000000000004030847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2a044afb67d5892021-12-22 12:47:24.443root 11241100x80000000000000004030848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c83105f87865a62021-12-22 12:47:24.443root 11241100x80000000000000004030849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2016e1a5110972021-12-22 12:47:24.443root 11241100x80000000000000004030850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccf147e3abec8542021-12-22 12:47:24.443root 11241100x80000000000000004030851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe80053a8e338172021-12-22 12:47:24.444root 11241100x80000000000000004030852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f330cb05df2772542021-12-22 12:47:24.444root 11241100x80000000000000004030853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff69398da6d286f2021-12-22 12:47:24.444root 11241100x80000000000000004030854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e5b895a68a26dd2021-12-22 12:47:24.444root 11241100x80000000000000004030855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8804f123eed24ecf2021-12-22 12:47:24.444root 11241100x80000000000000004030856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad355a790cdcde002021-12-22 12:47:24.444root 11241100x80000000000000004030857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8486dcdae536672021-12-22 12:47:24.444root 11241100x80000000000000004030858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26df9ba76e2ec882021-12-22 12:47:24.444root 11241100x80000000000000004030859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e5004fe484c3bb2021-12-22 12:47:24.444root 11241100x80000000000000004030860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0fc6bc461fb9352021-12-22 12:47:24.444root 11241100x80000000000000004030861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fbd82c079ad7fe2021-12-22 12:47:24.445root 11241100x80000000000000004030862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52fb4df68ac9af42021-12-22 12:47:24.445root 11241100x80000000000000004030863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f323235ea347f0a2021-12-22 12:47:24.445root 11241100x80000000000000004030864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debcc3f7e8912c602021-12-22 12:47:24.445root 11241100x80000000000000004030865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f633df645b8a2242021-12-22 12:47:24.445root 11241100x80000000000000004030866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f9d53eee8c825b2021-12-22 12:47:24.445root 11241100x80000000000000004030867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045b6e57a8cdfff2021-12-22 12:47:24.445root 11241100x80000000000000004030868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0465061172088f852021-12-22 12:47:24.445root 11241100x80000000000000004030869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d9372283f530b52021-12-22 12:47:24.445root 11241100x80000000000000004030870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc113d3d5f72a382021-12-22 12:47:24.445root 11241100x80000000000000004030871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4da1ca95f61802c2021-12-22 12:47:24.445root 11241100x80000000000000004030872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915b281f6d14bb62021-12-22 12:47:24.446root 11241100x80000000000000004030873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966e9487f2522f12021-12-22 12:47:24.446root 11241100x80000000000000004030874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783731dbc5e850402021-12-22 12:47:24.446root 11241100x80000000000000004030875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885b5ccbeeee5372021-12-22 12:47:24.446root 11241100x80000000000000004030876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290ad2de9e50a2f2021-12-22 12:47:24.446root 11241100x80000000000000004030877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2e45436e5aeeb2021-12-22 12:47:24.446root 11241100x80000000000000004030878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a08ee83541ad822021-12-22 12:47:24.447root 11241100x80000000000000004030879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edecbeb78db6b3a2021-12-22 12:47:24.447root 11241100x80000000000000004030880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f54b8560741980c2021-12-22 12:47:24.447root 11241100x80000000000000004030881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720cfabe88a81ee62021-12-22 12:47:24.447root 11241100x80000000000000004030882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e00b0c14a449b1c2021-12-22 12:47:24.448root 11241100x80000000000000004030883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c999b3e970e90052021-12-22 12:47:24.448root 11241100x80000000000000004030884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd77e3b95b894a62021-12-22 12:47:24.448root 11241100x80000000000000004030885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49936c57c3e6d12021-12-22 12:47:24.449root 11241100x80000000000000004030886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722d4fb88a6f2d242021-12-22 12:47:24.449root 11241100x80000000000000004030887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f711d19f9462c7452021-12-22 12:47:24.449root 11241100x80000000000000004030888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb26a3393379722021-12-22 12:47:24.450root 11241100x80000000000000004030889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80911c1ff24ecb62021-12-22 12:47:24.450root 11241100x80000000000000004030890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f1358a254ab1d2021-12-22 12:47:24.450root 11241100x80000000000000004030891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d59400420b1d64f2021-12-22 12:47:24.450root 11241100x80000000000000004030892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de100d39366502042021-12-22 12:47:24.451root 11241100x80000000000000004030893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa65f6d89691222021-12-22 12:47:24.451root 11241100x80000000000000004030894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ccb3b9fef0b67c2021-12-22 12:47:24.451root 11241100x80000000000000004030895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f7774038b58e6c2021-12-22 12:47:24.451root 11241100x80000000000000004030896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0f3b1e83d21ed32021-12-22 12:47:24.451root 11241100x80000000000000004030897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5a849f068d88212021-12-22 12:47:24.451root 11241100x80000000000000004030898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f946ea580d265ad2021-12-22 12:47:24.452root 11241100x80000000000000004030899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073d0748e0d84a132021-12-22 12:47:24.452root 11241100x80000000000000004030900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a05e60c24100d82021-12-22 12:47:24.452root 11241100x80000000000000004030901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36594126d0658f5b2021-12-22 12:47:24.452root 11241100x80000000000000004030902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30de7d47cf83c6f92021-12-22 12:47:24.452root 11241100x80000000000000004030903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32728dc1d6ceab902021-12-22 12:47:24.452root 11241100x80000000000000004030904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65a565b1ed2a8522021-12-22 12:47:24.453root 11241100x80000000000000004030905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20dd828abb48d202021-12-22 12:47:24.453root 11241100x80000000000000004030906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9687c6ff3686af2021-12-22 12:47:24.453root 11241100x80000000000000004030907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94acae55c4097832021-12-22 12:47:24.453root 11241100x80000000000000004030908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938cb21154a294752021-12-22 12:47:24.453root 11241100x80000000000000004030909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0eb06ae44ce7f32021-12-22 12:47:24.453root 11241100x80000000000000004030910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a04bb5a4834712021-12-22 12:47:24.454root 11241100x80000000000000004030911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84325d0ccc808e62021-12-22 12:47:24.943root 11241100x80000000000000004030912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728e1f5b430c870a2021-12-22 12:47:24.943root 11241100x80000000000000004030913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135d84fec25865052021-12-22 12:47:24.943root 11241100x80000000000000004030914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190d8c573e60be242021-12-22 12:47:24.943root 11241100x80000000000000004030915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e59350872eca5d32021-12-22 12:47:24.943root 11241100x80000000000000004030916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0884bd38cdfc892021-12-22 12:47:24.944root 11241100x80000000000000004030917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1bb665cfe7bfbc2021-12-22 12:47:24.944root 11241100x80000000000000004030918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9487fd2a1692d12021-12-22 12:47:24.944root 11241100x80000000000000004030919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0bd5e65126de2a2021-12-22 12:47:24.944root 11241100x80000000000000004030920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473f599169893e82021-12-22 12:47:24.944root 11241100x80000000000000004030921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680e2094f2f913c2021-12-22 12:47:24.944root 11241100x80000000000000004030922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e47567d7653edf2021-12-22 12:47:24.944root 11241100x80000000000000004030923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0547b56a1c1965e2021-12-22 12:47:24.944root 11241100x80000000000000004030924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e63ba6ccef7742021-12-22 12:47:24.944root 11241100x80000000000000004030925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42fe1ae37856b792021-12-22 12:47:24.944root 11241100x80000000000000004030926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43c1d5c687a8ee12021-12-22 12:47:24.944root 11241100x80000000000000004030927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4725608819e4a7a2021-12-22 12:47:24.944root 11241100x80000000000000004030928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8219bcd881849c92021-12-22 12:47:24.944root 11241100x80000000000000004030929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff23d571118b25b2021-12-22 12:47:24.944root 11241100x80000000000000004030930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb891278e7ced8ef2021-12-22 12:47:24.944root 11241100x80000000000000004030931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec3e7a1ca0512652021-12-22 12:47:24.945root 11241100x80000000000000004030932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e853adb40fadc2021-12-22 12:47:24.945root 11241100x80000000000000004030933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db64b2369554bda52021-12-22 12:47:24.945root 11241100x80000000000000004030934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a98115b1e0cc542021-12-22 12:47:24.945root 11241100x80000000000000004030935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2410867a19c4912021-12-22 12:47:24.945root 11241100x80000000000000004030936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09559bce19493b412021-12-22 12:47:24.945root 11241100x80000000000000004030937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749bff017ab4ef3a2021-12-22 12:47:24.945root 11241100x80000000000000004030938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80133beec591318e2021-12-22 12:47:24.945root 11241100x80000000000000004030939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118cba82760e73f02021-12-22 12:47:24.945root 11241100x80000000000000004030940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca2b2ed246f5322021-12-22 12:47:24.945root 11241100x80000000000000004030941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8f5a2d6c5700062021-12-22 12:47:24.945root 11241100x80000000000000004030942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ddac141f485e2a2021-12-22 12:47:24.945root 11241100x80000000000000004030943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef4159deede43ab2021-12-22 12:47:24.945root 11241100x80000000000000004030944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbfeae2465d729b2021-12-22 12:47:24.945root 11241100x80000000000000004030945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2c451057b825792021-12-22 12:47:24.945root 11241100x80000000000000004030946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c962a045a615ae2021-12-22 12:47:24.945root 11241100x80000000000000004030947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf20020fba1afbc2021-12-22 12:47:24.946root 11241100x80000000000000004030948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027ae02c60fd0ba32021-12-22 12:47:24.946root 11241100x80000000000000004030949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf5640fbea59842021-12-22 12:47:24.946root 11241100x80000000000000004030950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f992b116b420c72021-12-22 12:47:24.946root 11241100x80000000000000004030951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa2647636b458372021-12-22 12:47:24.946root 154100x80000000000000004030952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.242{ec2b6afe-1e5d-61c3-80ce-1830ec550000}22742/bin/uname-----uname -r/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004030953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.244{ec2b6afe-1e5d-61c3-80ce-1830ec550000}22742/bin/unameubuntu 11241100x80000000000000004030954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72585892abf319b22021-12-22 12:47:25.244root 11241100x80000000000000004030955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8c84bae04e1d862021-12-22 12:47:25.245root 11241100x80000000000000004030956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5e118f4f5057612021-12-22 12:47:25.245root 11241100x80000000000000004030957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c79ccd7d0c61892021-12-22 12:47:25.245root 11241100x80000000000000004030958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d8cf5bd5038b5d2021-12-22 12:47:25.245root 11241100x80000000000000004030959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587c5730b603bb882021-12-22 12:47:25.245root 11241100x80000000000000004030960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871886bbedac36552021-12-22 12:47:25.245root 11241100x80000000000000004030961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e400c3b2fce802021-12-22 12:47:25.245root 11241100x80000000000000004030962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ead34d4cd2378f2021-12-22 12:47:25.245root 11241100x80000000000000004030963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c8f7d7067d22372021-12-22 12:47:25.245root 11241100x80000000000000004030964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bda5d69c27d66cf2021-12-22 12:47:25.245root 11241100x80000000000000004030965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654cc8cbd9632122021-12-22 12:47:25.245root 11241100x80000000000000004030966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3b00015df8dc32021-12-22 12:47:25.245root 11241100x80000000000000004030967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43e14b8e825cde62021-12-22 12:47:25.246root 11241100x80000000000000004030968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f042c2894283c9a2021-12-22 12:47:25.246root 11241100x80000000000000004030969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04574ece15a0c48b2021-12-22 12:47:25.246root 11241100x80000000000000004030970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b52b19b94d888792021-12-22 12:47:25.246root 11241100x80000000000000004030971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f918bd8634a112021-12-22 12:47:25.246root 11241100x80000000000000004030972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9da26adfe532dc2021-12-22 12:47:25.246root 11241100x80000000000000004030973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1df4717567b582021-12-22 12:47:25.246root 11241100x80000000000000004030974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3425604e0cfe78c2021-12-22 12:47:25.246root 11241100x80000000000000004030975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b312981a5b5647cc2021-12-22 12:47:25.246root 11241100x80000000000000004030976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b286c2d2332199ee2021-12-22 12:47:25.246root 11241100x80000000000000004030977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b4c12a7e3b44af2021-12-22 12:47:25.247root 11241100x80000000000000004030978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e89a786d442aa2021-12-22 12:47:25.247root 11241100x80000000000000004030979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f682600b19be4062021-12-22 12:47:25.247root 11241100x80000000000000004030980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7fed8479ede61e2021-12-22 12:47:25.247root 11241100x80000000000000004030981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182a1fed515632672021-12-22 12:47:25.247root 11241100x80000000000000004030982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f8658c154b5d502021-12-22 12:47:25.247root 11241100x80000000000000004030983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ed8c90f9af980c2021-12-22 12:47:25.247root 11241100x80000000000000004030984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2594fc35cf5d32021-12-22 12:47:25.247root 11241100x80000000000000004030985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c4e14e9f73a362021-12-22 12:47:25.247root 11241100x80000000000000004030986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e4aadae4c4d3862021-12-22 12:47:25.247root 11241100x80000000000000004030987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111b6a1e26f7c0b2021-12-22 12:47:25.247root 11241100x80000000000000004030988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cc978597437e022021-12-22 12:47:25.248root 11241100x80000000000000004030989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c85163ac68a3e0c2021-12-22 12:47:25.248root 11241100x80000000000000004030990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d268a8195241fb2021-12-22 12:47:25.248root 11241100x80000000000000004030991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9faa62b536d4ca2021-12-22 12:47:25.248root 11241100x80000000000000004030992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40fcf815a26957e2021-12-22 12:47:25.248root 11241100x80000000000000004030993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8726cc7db23b89222021-12-22 12:47:25.248root 11241100x80000000000000004030994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594bf81f720e385d2021-12-22 12:47:25.248root 11241100x80000000000000004030995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca34fcff3cb3a1412021-12-22 12:47:25.248root 11241100x80000000000000004030996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817011b789bb9d32021-12-22 12:47:25.248root 11241100x80000000000000004030997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbec36bfbf8e6052021-12-22 12:47:25.249root 11241100x80000000000000004030998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da78c2849a2d07232021-12-22 12:47:25.249root 154100x80000000000000004030999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-1e5d-61c3-f8aa-4ad535560000}22748/bin/sed-----sed -ne s/^\(.*\)\.k\{0,1\}o\(\.[gx]z\)\{0,1\}$/\1/p/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{00000000-0000-0000-0000-000000000000}22746--- 154100x80000000000000004031000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.246{ec2b6afe-1e5d-61c3-e826-5add7b550000}22747/bin/ls-----ls -RL /lib/modules/5.4.0-1060-aws/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{00000000-0000-0000-0000-000000000000}22745--- 11241100x80000000000000004031001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32710d331af341b22021-12-22 12:47:25.249root 11241100x80000000000000004031002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e114a95ba427256c2021-12-22 12:47:25.249root 11241100x80000000000000004031003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d418f842cafe59b2021-12-22 12:47:25.250root 11241100x80000000000000004031004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c90d3c283156722021-12-22 12:47:25.250root 11241100x80000000000000004031005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de9917f214e1892021-12-22 12:47:25.250root 11241100x80000000000000004031006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eec4ac3a80db9c52021-12-22 12:47:25.250root 11241100x80000000000000004031007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f100a9d34ddef8af2021-12-22 12:47:25.251root 11241100x80000000000000004031008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03734ca6e969c252021-12-22 12:47:25.251root 11241100x80000000000000004031009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daab150860a28342021-12-22 12:47:25.251root 11241100x80000000000000004031010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30561ab58153f2b2021-12-22 12:47:25.251root 11241100x80000000000000004031011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb16d2df74758d92021-12-22 12:47:25.252root 11241100x80000000000000004031012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e12cf8e9ab5f702021-12-22 12:47:25.252root 11241100x80000000000000004031013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945237077fdd88f62021-12-22 12:47:25.252root 11241100x80000000000000004031014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d75f979a132b982021-12-22 12:47:25.252root 11241100x80000000000000004031015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf62b1a9eb0b36a2021-12-22 12:47:25.252root 11241100x80000000000000004031016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfe84f232f584032021-12-22 12:47:25.252root 534500x80000000000000004031017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.516{ec2b6afe-1e5d-61c3-e826-5add7b550000}22747/bin/lsubuntu 534500x80000000000000004031018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.517{00000000-0000-0000-0000-000000000000}22745<unknown process>ubuntu 534500x80000000000000004031019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.517{ec2b6afe-1e5d-61c3-f8aa-4ad535560000}22748/bin/sedubuntu 11241100x80000000000000004031020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62adccd7d28db522021-12-22 12:47:25.517root 534500x80000000000000004031021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.517{00000000-0000-0000-0000-000000000000}22746<unknown process>ubuntu 11241100x80000000000000004031022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508bb1257c27e162021-12-22 12:47:25.517root 534500x80000000000000004031023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-1e3c-61c3-0000-000000000000}22744-ubuntu 11241100x80000000000000004031024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c390a39cda57cf02021-12-22 12:47:25.518root 11241100x80000000000000004031025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123e88a436990b22021-12-22 12:47:25.518root 11241100x80000000000000004031026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee3f7874ee6c572021-12-22 12:47:25.518root 11241100x80000000000000004031027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038f3e7250cd6dd02021-12-22 12:47:25.518root 11241100x80000000000000004031028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8b27da5dd998752021-12-22 12:47:25.518root 11241100x80000000000000004031029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135a1cf2e4ee43a32021-12-22 12:47:25.519root 11241100x80000000000000004031030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52993c9860bbc602021-12-22 12:47:25.519root 11241100x80000000000000004031031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40a210fc17af5e2021-12-22 12:47:25.519root 11241100x80000000000000004031032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f9a7dede21c382021-12-22 12:47:25.519root 11241100x80000000000000004031033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8174b7f5cd55d5e72021-12-22 12:47:25.519root 11241100x80000000000000004031034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23634f31b1d34772021-12-22 12:47:25.520root 11241100x80000000000000004031035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a635e5ea970e2142021-12-22 12:47:25.520root 11241100x80000000000000004031036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77014fd9aff940c92021-12-22 12:47:25.520root 11241100x80000000000000004031037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e1d2e07c7d1c82021-12-22 12:47:25.520root 11241100x80000000000000004031038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6b392dbebf063a2021-12-22 12:47:25.520root 11241100x80000000000000004031039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ee284adbf9e34c2021-12-22 12:47:25.520root 11241100x80000000000000004031040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bba18eaa67e1422021-12-22 12:47:25.521root 11241100x80000000000000004031041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78df6f29006fc0cf2021-12-22 12:47:25.521root 11241100x80000000000000004031042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242695bcac115892021-12-22 12:47:25.521root 11241100x80000000000000004031043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62482579f3b6537d2021-12-22 12:47:25.521root 11241100x80000000000000004031044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1bd56f4de5d3c42021-12-22 12:47:25.521root 11241100x80000000000000004031045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6119eed2658033de2021-12-22 12:47:25.521root 11241100x80000000000000004031046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af81987abc582042021-12-22 12:47:25.522root 11241100x80000000000000004031047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b264a46d2dc043b32021-12-22 12:47:25.522root 534500x80000000000000004031048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{00000000-0000-0000-0000-000000000000}22743<unknown process>ubuntu 11241100x80000000000000004031049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a3200998861cd2021-12-22 12:47:25.522root 11241100x80000000000000004031050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf430eb894b30ed2021-12-22 12:47:25.522root 11241100x80000000000000004031051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5713072d61d723dd2021-12-22 12:47:25.522root 11241100x80000000000000004031052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a121ec1301932c2021-12-22 12:47:25.522root 11241100x80000000000000004031053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5863ef0edc61f892021-12-22 12:47:25.522root 11241100x80000000000000004031054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4801ef997d1362021-12-22 12:47:25.522root 11241100x80000000000000004031055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff622d280e8b05f62021-12-22 12:47:25.523root 11241100x80000000000000004031056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717432fdbcc2da3c2021-12-22 12:47:25.523root 11241100x80000000000000004031057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d449b67021537c2021-12-22 12:47:25.523root 11241100x80000000000000004031058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6432f61eb89c29f62021-12-22 12:47:25.523root 11241100x80000000000000004031059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8926c8a03cb22752021-12-22 12:47:25.523root 11241100x80000000000000004031060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71eef05a38134db2021-12-22 12:47:25.523root 11241100x80000000000000004031061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245a901e5b01c4872021-12-22 12:47:25.523root 11241100x80000000000000004031062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127ea65941986a942021-12-22 12:47:25.523root 11241100x80000000000000004031063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ed86ec949a3182021-12-22 12:47:25.523root 11241100x80000000000000004031064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dc0d415407d7d12021-12-22 12:47:25.523root 11241100x80000000000000004031065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e4d9f32866d5e2021-12-22 12:47:25.524root 11241100x80000000000000004031066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66314eef604e0db12021-12-22 12:47:25.524root 11241100x80000000000000004031067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f255069f6d8642021-12-22 12:47:25.524root 11241100x80000000000000004031068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9c8df772f568822021-12-22 12:47:25.524root 11241100x80000000000000004031069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954c501cf7f7ac702021-12-22 12:47:25.524root 11241100x80000000000000004031070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967dc67afccaacd02021-12-22 12:47:25.524root 11241100x80000000000000004031071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecd98472f80405b2021-12-22 12:47:25.524root 11241100x80000000000000004031072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350bc85842166f52021-12-22 12:47:25.524root 11241100x80000000000000004031073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a88aa0c48592522021-12-22 12:47:25.524root 11241100x80000000000000004031074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d661e2ca61779fe2021-12-22 12:47:25.524root 11241100x80000000000000004031075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8264631b656a8eb72021-12-22 12:47:25.525root 11241100x80000000000000004031076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd101a6e190a7742021-12-22 12:47:25.525root 11241100x80000000000000004031077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7a416d8e70c6c2021-12-22 12:47:25.525root 11241100x80000000000000004031078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f983376cc56aac2021-12-22 12:47:25.525root 11241100x80000000000000004031079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e0d4943d7974ac2021-12-22 12:47:25.525root 11241100x80000000000000004031080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef77feb46362854f2021-12-22 12:47:25.525root 11241100x80000000000000004031081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409906d72d59494b2021-12-22 12:47:25.525root 11241100x80000000000000004031082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab780cfdead4d92021-12-22 12:47:25.525root 11241100x80000000000000004031083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d558379d5006cb6a2021-12-22 12:47:25.525root 11241100x80000000000000004031084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d7b03dda663ba42021-12-22 12:47:25.525root 11241100x80000000000000004031085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8541e7940d1fb62021-12-22 12:47:25.526root 11241100x80000000000000004031086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685b434bcdf34ba12021-12-22 12:47:25.526root 11241100x80000000000000004031087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f89f46c602946d92021-12-22 12:47:25.526root 11241100x80000000000000004031088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe9091ac4d82e162021-12-22 12:47:25.526root 11241100x80000000000000004031089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea64ff94f6b79812021-12-22 12:47:25.526root 154100x80000000000000004031090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-1e5d-61c3-f05c-19806d550000}22752/usr/bin/gawk-----awk {if (NR != 1) print $1}/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{00000000-0000-0000-0000-000000000000}22750--- 154100x80000000000000004031091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.524{ec2b6afe-1e5d-61c3-505d-5f09a2550000}22751/bin/kmod-----lsmod/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{00000000-0000-0000-0000-000000000000}22750--- 534500x80000000000000004031092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.528{ec2b6afe-1e5d-61c3-505d-5f09a2550000}22751/bin/kmodubuntu 534500x80000000000000004031093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.529{ec2b6afe-1e5d-61c3-f05c-19806d550000}22752/usr/bin/gawkubuntu 534500x80000000000000004031094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.529{ec2b6afe-1e3c-61c3-0000-000000000000}22750-ubuntu 534500x80000000000000004031095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.530{ec2b6afe-1e3c-61c3-0000-000000000000}22749-ubuntu 11241100x80000000000000004031096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd530ebdb820d1b2021-12-22 12:47:25.943root 11241100x80000000000000004031097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77820635f7dee2d72021-12-22 12:47:25.943root 11241100x80000000000000004031098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ce9c0dbbd9cb402021-12-22 12:47:25.943root 11241100x80000000000000004031099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7220bb53ac8cf2021-12-22 12:47:25.943root 11241100x80000000000000004031100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18cfc648fc52d82021-12-22 12:47:25.944root 11241100x80000000000000004031101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8b5218d2d9a2c92021-12-22 12:47:25.944root 11241100x80000000000000004031102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc8d66cc35aa3f62021-12-22 12:47:25.944root 11241100x80000000000000004031103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db0a0e63fd147e02021-12-22 12:47:25.944root 11241100x80000000000000004031104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f33b0da1daf9542021-12-22 12:47:25.944root 11241100x80000000000000004031105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237a3efb941b49c52021-12-22 12:47:25.944root 11241100x80000000000000004031106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20681ab0c200b52d2021-12-22 12:47:25.944root 11241100x80000000000000004031107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee5d4fb3589e0c2021-12-22 12:47:25.944root 11241100x80000000000000004031108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3397990181e5bc2021-12-22 12:47:25.944root 11241100x80000000000000004031109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e3f315fe2bd9b22021-12-22 12:47:25.944root 11241100x80000000000000004031110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b24c0cbdc296692021-12-22 12:47:25.944root 11241100x80000000000000004031111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af491d9492ec9cb02021-12-22 12:47:25.944root 11241100x80000000000000004031112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3bcc3f574320f2021-12-22 12:47:25.944root 11241100x80000000000000004031113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a01a25e895624b92021-12-22 12:47:25.944root 11241100x80000000000000004031114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548fe6c5505de382021-12-22 12:47:25.944root 11241100x80000000000000004031115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94ef0819fb77542021-12-22 12:47:25.944root 11241100x80000000000000004031116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c61d70ca01b7962021-12-22 12:47:25.945root 11241100x80000000000000004031117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec1c96bdc60d0fb2021-12-22 12:47:25.945root 11241100x80000000000000004031118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d4d4add1e990ba2021-12-22 12:47:25.945root 11241100x80000000000000004031119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e5d9f5e1f47fa32021-12-22 12:47:25.945root 11241100x80000000000000004031120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd49d18fab4eaa22021-12-22 12:47:25.945root 11241100x80000000000000004031121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bac432e3e8faa12021-12-22 12:47:25.945root 11241100x80000000000000004031122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba88585f839f3dad2021-12-22 12:47:25.945root 11241100x80000000000000004031123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54597588254df1fe2021-12-22 12:47:25.945root 11241100x80000000000000004031124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f5f33e37e7b8952021-12-22 12:47:25.945root 11241100x80000000000000004031125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca88c5b8c1129b3c2021-12-22 12:47:25.945root 11241100x80000000000000004031126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e9b02b19c4ac6a2021-12-22 12:47:25.945root 11241100x80000000000000004031127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75d7c58701e2cd82021-12-22 12:47:25.945root 11241100x80000000000000004031128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3dcb3d3fa8d6c52021-12-22 12:47:25.945root 11241100x80000000000000004031129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b41cf16f04b040f2021-12-22 12:47:25.945root 11241100x80000000000000004031130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07166fd3d3c3b952021-12-22 12:47:25.945root 11241100x80000000000000004031131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d351b69bb9b30972021-12-22 12:47:25.946root 11241100x80000000000000004031132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99efe227b25d08d52021-12-22 12:47:25.946root 11241100x80000000000000004031133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6303b09e31203432021-12-22 12:47:25.946root 11241100x80000000000000004031134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96122bce72dc4c2c2021-12-22 12:47:25.946root 11241100x80000000000000004031135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15dc7314db16fb82021-12-22 12:47:25.946root 11241100x80000000000000004031136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a69318970bf2c12021-12-22 12:47:25.946root 11241100x80000000000000004031137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa38a6ce67e5b52021-12-22 12:47:25.946root 11241100x80000000000000004031138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed2bbe8dc7ee9eb2021-12-22 12:47:25.946root 11241100x80000000000000004031139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b95f30abc1fe402021-12-22 12:47:25.946root 11241100x80000000000000004031140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281bdc15456696ea2021-12-22 12:47:25.946root 11241100x80000000000000004031141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5394c32cf2d84e2021-12-22 12:47:25.946root 11241100x80000000000000004031142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a587536470b9d32021-12-22 12:47:25.946root 11241100x80000000000000004031143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07942309e40432f2021-12-22 12:47:25.946root 11241100x80000000000000004031144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3f90b59cc9b7da2021-12-22 12:47:25.946root 11241100x80000000000000004031145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1ddde63b215f422021-12-22 12:47:25.946root 11241100x80000000000000004031146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518545e6becb002c2021-12-22 12:47:25.946root 11241100x80000000000000004031147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f65eac57481772021-12-22 12:47:25.947root 11241100x80000000000000004031148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81922740f9a05d2021-12-22 12:47:25.947root 11241100x80000000000000004031149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3bf9ad2cdd6f9d2021-12-22 12:47:25.947root 11241100x80000000000000004031150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f34cf58d2606fc72021-12-22 12:47:25.947root 11241100x80000000000000004031151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c202aed33c9462021-12-22 12:47:25.947root 11241100x80000000000000004031152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1a7cf8932c2af2021-12-22 12:47:25.947root 11241100x80000000000000004031153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c15bfb2068509892021-12-22 12:47:25.947root 11241100x80000000000000004031154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc32c8013e507f82021-12-22 12:47:25.947root 11241100x80000000000000004031155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcce56ca640832062021-12-22 12:47:25.947root 11241100x80000000000000004031156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d3c3b912200b632021-12-22 12:47:25.947root 11241100x80000000000000004031157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfcd3803c7e78f02021-12-22 12:47:25.947root 11241100x80000000000000004031158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9fc1c4087782b2021-12-22 12:47:25.947root 11241100x80000000000000004031159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014c8bd4637257a32021-12-22 12:47:25.947root 11241100x80000000000000004031160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f137c3aa006c37ff2021-12-22 12:47:25.947root 11241100x80000000000000004031161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf62589be2873262021-12-22 12:47:25.947root 11241100x80000000000000004031162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca80b0ebb286e0602021-12-22 12:47:25.948root 11241100x80000000000000004031163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c939021319ae4d2021-12-22 12:47:25.948root 11241100x80000000000000004031164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f3b0a76d5264862021-12-22 12:47:25.948root 11241100x80000000000000004031165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb47b940ceb1912021-12-22 12:47:25.948root 11241100x80000000000000004031166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a42e0b5710dce7d2021-12-22 12:47:25.948root 11241100x80000000000000004031167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd2ace55ca53af2021-12-22 12:47:25.948root 11241100x80000000000000004031168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c36789314516102021-12-22 12:47:25.948root 11241100x80000000000000004031169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2e166811d19172021-12-22 12:47:25.948root 11241100x80000000000000004031170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8384d0ea58d68c2021-12-22 12:47:25.948root 11241100x80000000000000004031171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3f117252b402d12021-12-22 12:47:25.948root 11241100x80000000000000004031172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9aee3ca9087c92021-12-22 12:47:25.949root 11241100x80000000000000004031173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c102861e6945be2021-12-22 12:47:25.949root 11241100x80000000000000004031174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c805ff135c1abe682021-12-22 12:47:25.949root 11241100x80000000000000004031175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb6686f77dc38b52021-12-22 12:47:25.949root 11241100x80000000000000004031176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef2149fd475b0ae2021-12-22 12:47:25.949root 11241100x80000000000000004031177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a23e061c43a9e2021-12-22 12:47:25.949root 11241100x80000000000000004031178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dee566026004422021-12-22 12:47:25.949root 11241100x80000000000000004031179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6d999fa3617e12021-12-22 12:47:25.949root 154100x80000000000000004031180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.298{ec2b6afe-1e5e-61c3-50dd-ba6f30560000}22753/bin/kmod-----modprobe rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004031181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b110d2126444c7852021-12-22 12:47:26.299root 11241100x80000000000000004031182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3ce18e2507fba2021-12-22 12:47:26.299root 11241100x80000000000000004031183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69269dae2da7894d2021-12-22 12:47:26.299root 534500x80000000000000004031184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-1e5e-61c3-50dd-ba6f30560000}22753/bin/kmodubuntu 11241100x80000000000000004031185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f12e5b9cf7cba852021-12-22 12:47:26.299root 11241100x80000000000000004031186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83374056932b1f12021-12-22 12:47:26.299root 11241100x80000000000000004031187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57331396ee6821272021-12-22 12:47:26.299root 11241100x80000000000000004031188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f56d427ca9686f52021-12-22 12:47:26.299root 11241100x80000000000000004031189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462fd5009403f3b02021-12-22 12:47:26.299root 11241100x80000000000000004031190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38b7aebe60b7de92021-12-22 12:47:26.300root 11241100x80000000000000004031191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e6bc20851be64d2021-12-22 12:47:26.300root 11241100x80000000000000004031192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d396364b3972b2021-12-22 12:47:26.300root 11241100x80000000000000004031193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea158fd18d3aabac2021-12-22 12:47:26.300root 11241100x80000000000000004031194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee4dd83ab225fae2021-12-22 12:47:26.300root 11241100x80000000000000004031195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e9bdd9d2216a272021-12-22 12:47:26.300root 11241100x80000000000000004031196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cb1a848b4823a72021-12-22 12:47:26.300root 11241100x80000000000000004031197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfbdc602d40a89f2021-12-22 12:47:26.301root 11241100x80000000000000004031198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354df57ac07e313e2021-12-22 12:47:26.301root 11241100x80000000000000004031199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e46b9d83cb3ec42021-12-22 12:47:26.301root 11241100x80000000000000004031200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6f2222b0b5e8ea2021-12-22 12:47:26.301root 11241100x80000000000000004031201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6715bd9e51b1842021-12-22 12:47:26.301root 11241100x80000000000000004031202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2171dc487071302021-12-22 12:47:26.301root 11241100x80000000000000004031203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6c9b3d82d2c8482021-12-22 12:47:26.301root 11241100x80000000000000004031204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc4f221c4f11a62021-12-22 12:47:26.302root 11241100x80000000000000004031205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06685ea0da1cc1fb2021-12-22 12:47:26.302root 11241100x80000000000000004031206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66282de0b05128512021-12-22 12:47:26.302root 11241100x80000000000000004031207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d80525cc2f1511c2021-12-22 12:47:26.302root 11241100x80000000000000004031208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a562863dc54a93f72021-12-22 12:47:26.302root 11241100x80000000000000004031209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd31594f5780a98c2021-12-22 12:47:26.302root 11241100x80000000000000004031210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04b081c0b2a5272021-12-22 12:47:26.303root 11241100x80000000000000004031211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c838ea235ccdb2021-12-22 12:47:26.303root 11241100x80000000000000004031212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f53630009d9d302021-12-22 12:47:26.303root 11241100x80000000000000004031213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5185afde27a1857b2021-12-22 12:47:26.303root 11241100x80000000000000004031214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75104fa70fd2ac2021-12-22 12:47:26.303root 11241100x80000000000000004031215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066da4498b05b3062021-12-22 12:47:26.304root 11241100x80000000000000004031216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3695206a23057652021-12-22 12:47:26.304root 11241100x80000000000000004031217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aefd597cff18f1d2021-12-22 12:47:26.304root 11241100x80000000000000004031218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde22057683b26e2021-12-22 12:47:26.304root 11241100x80000000000000004031219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c524844c127d5b2021-12-22 12:47:26.304root 11241100x80000000000000004031220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae5979faa5fbe12021-12-22 12:47:26.305root 11241100x80000000000000004031221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0c93603cb79012021-12-22 12:47:26.305root 11241100x80000000000000004031222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11222fc087b438e42021-12-22 12:47:26.305root 11241100x80000000000000004031223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235fb1bbd5e186cb2021-12-22 12:47:26.305root 11241100x80000000000000004031224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db3a6fcc1539352021-12-22 12:47:26.306root 11241100x80000000000000004031225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a59afca498071d82021-12-22 12:47:26.306root 11241100x80000000000000004031226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31f0c036d603b722021-12-22 12:47:26.306root 11241100x80000000000000004031227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87145644051226cd2021-12-22 12:47:26.306root 11241100x80000000000000004031228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d7df045dca7bfd2021-12-22 12:47:26.306root 11241100x80000000000000004031229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1798bf9a8ca8651f2021-12-22 12:47:26.307root 11241100x80000000000000004031230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6448383ec28c6d382021-12-22 12:47:26.307root 11241100x80000000000000004031231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8318cdc08aa0c52021-12-22 12:47:26.307root 11241100x80000000000000004031232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f3d6499c0aca4f2021-12-22 12:47:26.308root 11241100x80000000000000004031233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998417cc45f752e92021-12-22 12:47:26.308root 11241100x80000000000000004031234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5156b2eb2462192021-12-22 12:47:26.308root 11241100x80000000000000004031235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3953cde7a01a3ec22021-12-22 12:47:26.308root 11241100x80000000000000004031236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f68ed6840a1edc2021-12-22 12:47:26.308root 11241100x80000000000000004031237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f900832f4498382021-12-22 12:47:26.309root 11241100x80000000000000004031238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f7d6bfb812602e2021-12-22 12:47:26.309root 11241100x80000000000000004031239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b4eb0634982a3b2021-12-22 12:47:26.309root 11241100x80000000000000004031240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf790a61ed74d72021-12-22 12:47:26.309root 11241100x80000000000000004031241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce6ee8a90b4e32f2021-12-22 12:47:26.309root 11241100x80000000000000004031242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec9f3f7a48e56052021-12-22 12:47:26.309root 11241100x80000000000000004031243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaf53a82fdc37722021-12-22 12:47:26.310root 11241100x80000000000000004031244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c3d10c99de1b162021-12-22 12:47:26.310root 11241100x80000000000000004031245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcfcc4fea8d6f302021-12-22 12:47:26.310root 11241100x80000000000000004031246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8759250348d1222021-12-22 12:47:26.310root 11241100x80000000000000004031247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba58c0baee124ce2021-12-22 12:47:26.311root 11241100x80000000000000004031248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a540fed52c7b72c2021-12-22 12:47:26.311root 11241100x80000000000000004031249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdf1a67e1af11812021-12-22 12:47:26.311root 11241100x80000000000000004031250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113efea64bd82e12021-12-22 12:47:26.311root 11241100x80000000000000004031251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb94c2d22ad3b332021-12-22 12:47:26.311root 11241100x80000000000000004031252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e517b011c6e69f62021-12-22 12:47:26.311root 11241100x80000000000000004031253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c795945ec42fb242021-12-22 12:47:26.311root 11241100x80000000000000004031254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f5c77ec901c80f2021-12-22 12:47:26.311root 11241100x80000000000000004031255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba36f63423338f72021-12-22 12:47:26.312root 11241100x80000000000000004031256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259e2b61ab346992021-12-22 12:47:26.312root 11241100x80000000000000004031257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc64e9aba989872021-12-22 12:47:26.312root 11241100x80000000000000004031258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd98ad61fcd2242021-12-22 12:47:26.312root 11241100x80000000000000004031259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf887ab17160a02021-12-22 12:47:26.312root 11241100x80000000000000004031260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8315d7b709d6953d2021-12-22 12:47:26.312root 11241100x80000000000000004031261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a211d26dd867bf2021-12-22 12:47:26.312root 11241100x80000000000000004031262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e52218af92e672021-12-22 12:47:26.312root 11241100x80000000000000004031263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18981d43bda6e3292021-12-22 12:47:26.312root 11241100x80000000000000004031264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdc19fe9157e892021-12-22 12:47:26.313root 11241100x80000000000000004031265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77e9cadcd4018f2021-12-22 12:47:26.313root 11241100x80000000000000004031266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c1c80f3a5968292021-12-22 12:47:26.313root 11241100x80000000000000004031267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810d8d5c35561e982021-12-22 12:47:26.313root 11241100x80000000000000004031268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230aa651da1d2fab2021-12-22 12:47:26.313root 11241100x80000000000000004031269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6562b56674daa4d02021-12-22 12:47:26.313root 11241100x80000000000000004031270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07372a2af31034f2021-12-22 12:47:26.313root 11241100x80000000000000004031271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31c0b96273d3b872021-12-22 12:47:26.313root 11241100x80000000000000004031272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb27f707ca59d1f2021-12-22 12:47:26.313root 11241100x80000000000000004031273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3ff42426acd602021-12-22 12:47:26.314root 11241100x80000000000000004031274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44da249b823ef0e2021-12-22 12:47:26.314root 11241100x80000000000000004031275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bd41eaf27d9b5f2021-12-22 12:47:26.314root 11241100x80000000000000004031276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc95b8887e7cc9272021-12-22 12:47:26.314root 11241100x80000000000000004031277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16085420cb3b9c442021-12-22 12:47:26.314root 11241100x80000000000000004031278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd786fb7f26e4c2021-12-22 12:47:26.314root 11241100x80000000000000004031279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0e14065413ee32021-12-22 12:47:26.314root 11241100x80000000000000004031280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3746a1fbb9bb2ed12021-12-22 12:47:26.314root 11241100x80000000000000004031281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab6c22d4906a2e2021-12-22 12:47:26.315root 11241100x80000000000000004031282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab02115d0870f122021-12-22 12:47:26.315root 11241100x80000000000000004031283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201fb28478fe8d992021-12-22 12:47:26.315root 11241100x80000000000000004031284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196a893a91a844832021-12-22 12:47:26.315root 11241100x80000000000000004031285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355aaaff0b2149132021-12-22 12:47:26.315root 11241100x80000000000000004031286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e87b68aedc52652021-12-22 12:47:26.315root 11241100x80000000000000004031287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0dd5074fb022922021-12-22 12:47:26.315root 11241100x80000000000000004031288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae719406f1834852021-12-22 12:47:26.315root 11241100x80000000000000004031289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2893f0517deb2b2021-12-22 12:47:26.316root 11241100x80000000000000004031290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e772ae8a5cf24d32021-12-22 12:47:26.316root 11241100x80000000000000004031291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11adb513b73aa6cc2021-12-22 12:47:26.316root 11241100x80000000000000004031292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a3c6efc63aa732021-12-22 12:47:26.316root 11241100x80000000000000004031293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee12ff5ce32cfda62021-12-22 12:47:26.316root 11241100x80000000000000004031294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f561cb1b74db1022021-12-22 12:47:26.316root 11241100x80000000000000004031295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9090e871f8fa52021-12-22 12:47:26.316root 11241100x80000000000000004031296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb1dbfedddf88902021-12-22 12:47:26.316root 11241100x80000000000000004031297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9da460132934f2021-12-22 12:47:26.316root 11241100x80000000000000004031298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b192ac6980cf2ee2021-12-22 12:47:26.317root 11241100x80000000000000004031299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f353de16cfdfb7372021-12-22 12:47:26.317root 11241100x80000000000000004031300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c453fca745102b2021-12-22 12:47:26.317root 11241100x80000000000000004031301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca2faef425398db2021-12-22 12:47:26.317root 11241100x80000000000000004031302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250b46b9d8b875192021-12-22 12:47:26.317root 11241100x80000000000000004031303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de66d83a9a904c002021-12-22 12:47:26.317root 11241100x80000000000000004031304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290713fcbcae0a922021-12-22 12:47:26.317root 11241100x80000000000000004031305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdbdeac7cf390562021-12-22 12:47:26.317root 11241100x80000000000000004031306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698dff41385948c22021-12-22 12:47:26.317root 11241100x80000000000000004031307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46743ec7361603c42021-12-22 12:47:26.317root 11241100x80000000000000004031308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2420194886dffe92021-12-22 12:47:26.317root 11241100x80000000000000004031309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac3684a23acad8c2021-12-22 12:47:26.317root 11241100x80000000000000004031310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5cdfdf4f7c6472021-12-22 12:47:26.318root 11241100x80000000000000004031311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65ddc2c607787f2021-12-22 12:47:26.318root 11241100x80000000000000004031312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50afcd30a8c93772021-12-22 12:47:26.318root 11241100x80000000000000004031313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01edec9bb52fac2021-12-22 12:47:26.318root 11241100x80000000000000004031314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99746f6d74c203812021-12-22 12:47:26.318root 11241100x80000000000000004031315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bed4c21b344e5732021-12-22 12:47:26.318root 11241100x80000000000000004031316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6cfbca6e5e939b2021-12-22 12:47:26.318root 11241100x80000000000000004031317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e587d278444e32021-12-22 12:47:26.318root 11241100x80000000000000004031318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f752e0a07874762021-12-22 12:47:26.318root 11241100x80000000000000004031319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd8dce48607b9f42021-12-22 12:47:26.318root 11241100x80000000000000004031320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62dd8e89ed4c8222021-12-22 12:47:26.318root 11241100x80000000000000004031321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df38cbcfd86d6a52021-12-22 12:47:26.319root 11241100x80000000000000004031322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6efb97f175cb0f2021-12-22 12:47:26.319root 11241100x80000000000000004031323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69561126dd3a2b822021-12-22 12:47:26.319root 11241100x80000000000000004031324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2887c8e8f00055d2021-12-22 12:47:26.319root 11241100x80000000000000004031325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4371decbef55875b2021-12-22 12:47:26.319root 11241100x80000000000000004031326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53943eb6ec27ae42021-12-22 12:47:26.319root 11241100x80000000000000004031327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c3c09e2776a9c2021-12-22 12:47:26.319root 11241100x80000000000000004031328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe98c02da61ccc12021-12-22 12:47:26.319root 11241100x80000000000000004031329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1124eeaad14c23aa2021-12-22 12:47:26.319root 11241100x80000000000000004031330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2f173eb2dc2e3e2021-12-22 12:47:26.319root 11241100x80000000000000004031331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd899ae07e59cb882021-12-22 12:47:26.319root 11241100x80000000000000004031332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7710ef0b04e23e282021-12-22 12:47:26.319root 11241100x80000000000000004031333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc66fefccd4ad7622021-12-22 12:47:26.320root 11241100x80000000000000004031334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc166a6682fcfaf2021-12-22 12:47:26.320root 11241100x80000000000000004031335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419bf390aeae3452021-12-22 12:47:26.320root 11241100x80000000000000004031336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7ffba863327ac52021-12-22 12:47:26.320root 11241100x80000000000000004031337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2601ef515a96722021-12-22 12:47:26.320root 11241100x80000000000000004031338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93d4116888f00012021-12-22 12:47:26.320root 11241100x80000000000000004031339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c45e970a409f77d2021-12-22 12:47:26.320root 11241100x80000000000000004031340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94af04f4c5b46a02021-12-22 12:47:26.320root 11241100x80000000000000004031341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74159d35ccacac812021-12-22 12:47:26.320root 11241100x80000000000000004031342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c443eb3d3df16852021-12-22 12:47:26.320root 11241100x80000000000000004031343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b5bd6876a04b8c2021-12-22 12:47:26.320root 11241100x80000000000000004031344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8223dc40000072021-12-22 12:47:26.320root 11241100x80000000000000004031345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6a0a44e975bfb32021-12-22 12:47:26.321root 11241100x80000000000000004031346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c23208dee66ee2021-12-22 12:47:26.321root 11241100x80000000000000004031347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda311fda335d0052021-12-22 12:47:26.321root 11241100x80000000000000004031348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8f47106539bfc12021-12-22 12:47:26.321root 11241100x80000000000000004031349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b69fc74b01002312021-12-22 12:47:26.321root 11241100x80000000000000004031350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0531808d6e96d432021-12-22 12:47:26.321root 11241100x80000000000000004031351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4b27ee65037052021-12-22 12:47:26.321root 11241100x80000000000000004031352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ef81cafb4173902021-12-22 12:47:26.321root 11241100x80000000000000004031353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63d3b3794b21f1f2021-12-22 12:47:26.321root 11241100x80000000000000004031354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb613dd5bd2569d2021-12-22 12:47:26.321root 11241100x80000000000000004031355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c51785d9a3a4da2021-12-22 12:47:26.322root 11241100x80000000000000004031356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2693cfbb9a168b2021-12-22 12:47:26.322root 11241100x80000000000000004031357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ec6532e2b2b282021-12-22 12:47:26.322root 11241100x80000000000000004031358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec100cda80085cf82021-12-22 12:47:26.322root 11241100x80000000000000004031359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75498842c190d7932021-12-22 12:47:26.322root 11241100x80000000000000004031360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2f5253b3692152021-12-22 12:47:26.322root 11241100x80000000000000004031361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121e3f36c25f541b2021-12-22 12:47:26.322root 11241100x80000000000000004031362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606d0fd7b1423c12021-12-22 12:47:26.322root 11241100x80000000000000004031363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91901b1d1c3376052021-12-22 12:47:26.322root 11241100x80000000000000004031364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb42dae8e533322021-12-22 12:47:26.323root 11241100x80000000000000004031365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3544db1a55bbf2932021-12-22 12:47:26.323root 11241100x80000000000000004031366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37594979b58979c2021-12-22 12:47:26.323root 11241100x80000000000000004031367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37005741a43bd8412021-12-22 12:47:26.323root 11241100x80000000000000004031368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114f287109c62ef32021-12-22 12:47:26.323root 11241100x80000000000000004031369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f03b63e2a53162021-12-22 12:47:26.323root 11241100x80000000000000004031370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b9c1a4e68a4bb22021-12-22 12:47:26.323root 11241100x80000000000000004031371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac013f98fe8cf6f2021-12-22 12:47:26.324root 11241100x80000000000000004031372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783655c0969a67e2021-12-22 12:47:26.324root 11241100x80000000000000004031373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e4e0bbac2cb2e32021-12-22 12:47:26.324root 11241100x80000000000000004031374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09be145612ceffb92021-12-22 12:47:26.324root 11241100x80000000000000004031375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3672f97524bd892021-12-22 12:47:26.324root 11241100x80000000000000004031376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ef0202a58b81512021-12-22 12:47:26.324root 11241100x80000000000000004031377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d09be587d18e66b2021-12-22 12:47:26.324root 11241100x80000000000000004031378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4d16072cd16e352021-12-22 12:47:26.324root 11241100x80000000000000004031379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd32bfa2c2f905e2021-12-22 12:47:26.324root 11241100x80000000000000004031380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3456009171d63ca42021-12-22 12:47:26.324root 11241100x80000000000000004031381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c2637c22d02e02021-12-22 12:47:26.324root 11241100x80000000000000004031382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb202af525beab72021-12-22 12:47:26.325root 11241100x80000000000000004031383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b0e14623aeeaa2021-12-22 12:47:26.325root 11241100x80000000000000004031384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d849b440c0daa2021-12-22 12:47:26.325root 11241100x80000000000000004031385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b32093a7eba0f942021-12-22 12:47:26.325root 11241100x80000000000000004031386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8d7dc58a1791862021-12-22 12:47:26.325root 11241100x80000000000000004031387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275aab24ed15cbcc2021-12-22 12:47:26.325root 11241100x80000000000000004031388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024f2c9ca485c6d52021-12-22 12:47:26.325root 11241100x80000000000000004031389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054c0c5b7af92ad2021-12-22 12:47:26.325root 11241100x80000000000000004031390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed20682707bc2242021-12-22 12:47:26.325root 11241100x80000000000000004031391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4eb165ec84bd62021-12-22 12:47:26.325root 11241100x80000000000000004031392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2db7082ffb64e02021-12-22 12:47:26.326root 11241100x80000000000000004031393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73f71a32f4664a2021-12-22 12:47:26.326root 11241100x80000000000000004031394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28c94e38c93088b2021-12-22 12:47:26.326root 11241100x80000000000000004031395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777d90bc1f908ba62021-12-22 12:47:26.326root 11241100x80000000000000004031396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723c5629b9438bdf2021-12-22 12:47:26.326root 11241100x80000000000000004031397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbd620b40dd58352021-12-22 12:47:26.326root 11241100x80000000000000004031398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1384a516c04b6e162021-12-22 12:47:26.326root 11241100x80000000000000004031399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf56306def7e7672021-12-22 12:47:26.326root 11241100x80000000000000004031400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6d4c902babd7fb2021-12-22 12:47:26.326root 11241100x80000000000000004031401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb89f2d7925127ec2021-12-22 12:47:26.327root 11241100x80000000000000004031402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1643114ae48608bd2021-12-22 12:47:26.327root 11241100x80000000000000004031403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8759e44d7c37c982021-12-22 12:47:26.327root 11241100x80000000000000004031404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4342c60c2f0d96f72021-12-22 12:47:26.327root 11241100x80000000000000004031405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae041ec46586c42021-12-22 12:47:26.327root 11241100x80000000000000004031406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c4e6064508a4052021-12-22 12:47:26.327root 11241100x80000000000000004031407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f617b106c3f8a942021-12-22 12:47:26.327root 11241100x80000000000000004031408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de13eb9e5bc11e72021-12-22 12:47:26.327root 11241100x80000000000000004031409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d25eaa1bd157a882021-12-22 12:47:26.327root 11241100x80000000000000004031410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554f43c54567c3ba2021-12-22 12:47:26.328root 11241100x80000000000000004031411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f7e4d24dac6fd92021-12-22 12:47:26.328root 11241100x80000000000000004031412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f9b47dc9982ef62021-12-22 12:47:26.328root 11241100x80000000000000004031413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449c5bc813f13ad82021-12-22 12:47:26.328root 11241100x80000000000000004031414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7febad00a2df142021-12-22 12:47:26.328root 11241100x80000000000000004031415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe41da109d08ec32021-12-22 12:47:26.328root 11241100x80000000000000004031416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2e9deb4aba1ba02021-12-22 12:47:26.328root 11241100x80000000000000004031417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf86881bac18e0472021-12-22 12:47:26.328root 11241100x80000000000000004031418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9235399f0aae362021-12-22 12:47:26.693root 11241100x80000000000000004031419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5564645b3e13402021-12-22 12:47:26.693root 11241100x80000000000000004031420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f3fc2a03e5d0552021-12-22 12:47:26.693root 11241100x80000000000000004031421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec15e121b33c682021-12-22 12:47:26.693root 11241100x80000000000000004031422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2077d94c6338c8922021-12-22 12:47:26.693root 11241100x80000000000000004031423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03efa8c3f6609e62021-12-22 12:47:26.693root 11241100x80000000000000004031424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a83fe1158f85412021-12-22 12:47:26.694root 11241100x80000000000000004031425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f650b4bc96463e7f2021-12-22 12:47:26.694root 11241100x80000000000000004031426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5e5e6a10059162021-12-22 12:47:26.694root 11241100x80000000000000004031427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e762f33d21cfac002021-12-22 12:47:26.694root 11241100x80000000000000004031428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52366a727023079c2021-12-22 12:47:26.694root 11241100x80000000000000004031429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44607f5c08143df52021-12-22 12:47:26.694root 11241100x80000000000000004031430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aba678137362092021-12-22 12:47:26.695root 11241100x80000000000000004031431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c059b452abf960a92021-12-22 12:47:26.695root 11241100x80000000000000004031432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad1da4f38ab3432021-12-22 12:47:26.695root 11241100x80000000000000004031433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790d90fe79869ee2021-12-22 12:47:26.696root 11241100x80000000000000004031434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5205fc9a234aa74d2021-12-22 12:47:26.696root 11241100x80000000000000004031435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67723e4ab698c502021-12-22 12:47:26.696root 11241100x80000000000000004031436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aeae30ff8b53ed2021-12-22 12:47:26.696root 11241100x80000000000000004031437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84c38172893f4a22021-12-22 12:47:26.697root 11241100x80000000000000004031438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f98ed28d91d81e2021-12-22 12:47:26.697root 11241100x80000000000000004031439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76c2154c63796f2021-12-22 12:47:26.697root 11241100x80000000000000004031440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfb03c11e425de2021-12-22 12:47:26.698root 11241100x80000000000000004031441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1596b76d5890592021-12-22 12:47:26.698root 11241100x80000000000000004031442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161db00ef79f34c92021-12-22 12:47:26.698root 11241100x80000000000000004031443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705fe1f9268d96732021-12-22 12:47:26.698root 11241100x80000000000000004031444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1227d682b59b89e22021-12-22 12:47:26.699root 11241100x80000000000000004031445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529cb41bedbc3e242021-12-22 12:47:26.699root 11241100x80000000000000004031446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2c14b15106ac02021-12-22 12:47:26.699root 11241100x80000000000000004031447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d7058e82825f02021-12-22 12:47:26.699root 11241100x80000000000000004031448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b019bb98b6dcb32021-12-22 12:47:26.700root 11241100x80000000000000004031449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb001e95f4f5702021-12-22 12:47:26.700root 11241100x80000000000000004031450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf09459cbb106ae2021-12-22 12:47:26.700root 11241100x80000000000000004031451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f6577aab370552021-12-22 12:47:26.700root 11241100x80000000000000004031452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c64a44eac9847f2021-12-22 12:47:26.701root 11241100x80000000000000004031453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ae8c75343aa9102021-12-22 12:47:26.701root 11241100x80000000000000004031454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b3b2bd5e17c62021-12-22 12:47:26.701root 11241100x80000000000000004031455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639bf5fe7075bd3c2021-12-22 12:47:26.701root 11241100x80000000000000004031456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1f77c15d6b024b2021-12-22 12:47:26.702root 11241100x80000000000000004031457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef1a9912600ba02021-12-22 12:47:26.702root 11241100x80000000000000004031458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada58ab1eb79c4272021-12-22 12:47:26.702root 11241100x80000000000000004031459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bf170dc3ad50b92021-12-22 12:47:26.702root 11241100x80000000000000004031460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a979c21ec97b0952021-12-22 12:47:26.703root 11241100x80000000000000004031461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2ecfbb88118822021-12-22 12:47:26.703root 11241100x80000000000000004031462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5371e2980368cdb2021-12-22 12:47:26.703root 11241100x80000000000000004031463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237249b6d82566912021-12-22 12:47:26.703root 11241100x80000000000000004031464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c757f4b36a739fb2021-12-22 12:47:26.703root 11241100x80000000000000004031465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9728c80b5d9aa5562021-12-22 12:47:26.704root 11241100x80000000000000004031466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42792be47c61f132021-12-22 12:47:26.704root 11241100x80000000000000004031467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91297d9a9a0c1062021-12-22 12:47:26.704root 11241100x80000000000000004031468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68004960f862311e2021-12-22 12:47:26.705root 11241100x80000000000000004031469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee14604b527129a2021-12-22 12:47:26.705root 11241100x80000000000000004031470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41c7632235a7122021-12-22 12:47:26.705root 11241100x80000000000000004031471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184993f6edac796f2021-12-22 12:47:26.706root 11241100x80000000000000004031472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcf720f0c60fd152021-12-22 12:47:26.706root 11241100x80000000000000004031473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc1a120de7e30e72021-12-22 12:47:26.706root 11241100x80000000000000004031474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67900b75ca7449b2021-12-22 12:47:26.706root 11241100x80000000000000004031475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac6c385e52a1d5b2021-12-22 12:47:26.706root 11241100x80000000000000004031476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c969235cfb48f232021-12-22 12:47:26.707root 11241100x80000000000000004031477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8224204f77f37dd2021-12-22 12:47:26.707root 11241100x80000000000000004031478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b041542868291de72021-12-22 12:47:26.707root 11241100x80000000000000004031479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a86bd59fb76532021-12-22 12:47:26.707root 11241100x80000000000000004031480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b518f658a35b6842021-12-22 12:47:26.707root 11241100x80000000000000004031481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d600eb1d3a6ee92021-12-22 12:47:26.708root 11241100x80000000000000004031482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a08f1dc06ab4d02021-12-22 12:47:26.708root 11241100x80000000000000004031483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39c8f37c8dce182021-12-22 12:47:26.708root 11241100x80000000000000004031484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9aaedd5036d6112021-12-22 12:47:26.709root 11241100x80000000000000004031485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492bb563cf8946432021-12-22 12:47:26.709root 11241100x80000000000000004031486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ec879c5a3c4862021-12-22 12:47:26.709root 11241100x80000000000000004031487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5a4ab49d06e3d42021-12-22 12:47:26.709root 11241100x80000000000000004031488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c249ff2aa29ea2021-12-22 12:47:26.710root 11241100x80000000000000004031489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0217d94d853220d2021-12-22 12:47:26.710root 11241100x80000000000000004031490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2897a5fa5378b2862021-12-22 12:47:26.710root 11241100x80000000000000004031491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68786995085d853a2021-12-22 12:47:26.710root 11241100x80000000000000004031492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3054e747f57a10a2021-12-22 12:47:26.710root 11241100x80000000000000004031493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c0c10137803cf2021-12-22 12:47:26.710root 11241100x80000000000000004031494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e43331ba419782e2021-12-22 12:47:26.711root 11241100x80000000000000004031495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4129ef00ba597d9c2021-12-22 12:47:26.711root 11241100x80000000000000004031496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce68ec2d94458c2021-12-22 12:47:26.711root 11241100x80000000000000004031497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d902a3f55fea25f72021-12-22 12:47:26.712root 11241100x80000000000000004031498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed43571e323aa77b2021-12-22 12:47:26.712root 11241100x80000000000000004031499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ac3754c335067c2021-12-22 12:47:26.712root 11241100x80000000000000004031500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3107326ec28b142021-12-22 12:47:26.712root 11241100x80000000000000004031501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa5430a3e04036d2021-12-22 12:47:26.712root 11241100x80000000000000004031502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434f7b83d92dc78a2021-12-22 12:47:26.713root 11241100x80000000000000004031503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6939c24be72d8f092021-12-22 12:47:26.713root 11241100x80000000000000004031504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a7bc535e92bc492021-12-22 12:47:26.713root 11241100x80000000000000004031505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd16f90221b683c2021-12-22 12:47:26.713root 11241100x80000000000000004031506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be4f316212853d52021-12-22 12:47:26.713root 11241100x80000000000000004031507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3fbb207fae57d92021-12-22 12:47:26.714root 11241100x80000000000000004031508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe39c8e56183c62021-12-22 12:47:26.714root 11241100x80000000000000004031509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84743ec58e7e48d2021-12-22 12:47:26.714root 11241100x80000000000000004031510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac1023e3907c5962021-12-22 12:47:26.714root 11241100x80000000000000004031511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3018705f1130cf162021-12-22 12:47:26.714root 11241100x80000000000000004031512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931ad85bf771ec22021-12-22 12:47:26.715root 11241100x80000000000000004031513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ff56b9d7fb20e32021-12-22 12:47:26.715root 11241100x80000000000000004031514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a0ba1b842576d2021-12-22 12:47:26.715root 11241100x80000000000000004031515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc58dc4494224fa2021-12-22 12:47:26.715root 11241100x80000000000000004031516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b6ecd42042bd792021-12-22 12:47:26.715root 11241100x80000000000000004031517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20186952475559ba2021-12-22 12:47:26.715root 11241100x80000000000000004031518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd87b6456f5f182021-12-22 12:47:26.715root 11241100x80000000000000004031519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112f5b5696b8aeca2021-12-22 12:47:26.715root 11241100x80000000000000004031520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577356a5415f11a32021-12-22 12:47:26.716root 11241100x80000000000000004031521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e029eb4ce9e1a1162021-12-22 12:47:26.716root 11241100x80000000000000004031522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96afd5cbcc883eb52021-12-22 12:47:26.716root 11241100x80000000000000004031523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022d457a716c9d642021-12-22 12:47:26.717root 11241100x80000000000000004031524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ec6aa07539ebdc2021-12-22 12:47:26.717root 11241100x80000000000000004031525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acece64aad89c862021-12-22 12:47:26.717root 11241100x80000000000000004031526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b519ffbbdbadb322021-12-22 12:47:26.717root 11241100x80000000000000004031527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad0d54947aef01e2021-12-22 12:47:26.717root 11241100x80000000000000004031528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a44bf6dc3d89552021-12-22 12:47:26.717root 11241100x80000000000000004031529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc6ceff0f928742021-12-22 12:47:26.717root 11241100x80000000000000004031530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c6cbfec7e2f79c2021-12-22 12:47:26.717root 11241100x80000000000000004031531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0b244b5c9394b02021-12-22 12:47:26.717root 11241100x80000000000000004031532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c78873851dbd892021-12-22 12:47:26.717root 11241100x80000000000000004031533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ff200c190230f2021-12-22 12:47:26.717root 11241100x80000000000000004031534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801feafd05fbb57d2021-12-22 12:47:26.717root 11241100x80000000000000004031535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f6064e76a1f5f2021-12-22 12:47:26.717root 11241100x80000000000000004031536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5e6ae22087ce902021-12-22 12:47:26.717root 11241100x80000000000000004031537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9a10b9585f9f292021-12-22 12:47:26.717root 11241100x80000000000000004031538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f218f8d9cb6f82021-12-22 12:47:26.718root 11241100x80000000000000004031539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dceb6b57a41f9a32021-12-22 12:47:26.718root 11241100x80000000000000004031540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf85eff594b5c712021-12-22 12:47:26.718root 11241100x80000000000000004031541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c13427bc75baae2021-12-22 12:47:26.718root 11241100x80000000000000004031542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1a21fa3979d0082021-12-22 12:47:26.718root 11241100x80000000000000004031543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5c971cecc5ec2f2021-12-22 12:47:26.718root 11241100x80000000000000004031544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acafcb15d4b775362021-12-22 12:47:26.718root 11241100x80000000000000004031545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d284fd2d17f42232021-12-22 12:47:26.718root 11241100x80000000000000004031546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1047bcad05d4072021-12-22 12:47:26.718root 11241100x80000000000000004031547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1114452d4ba7f72021-12-22 12:47:26.719root 11241100x80000000000000004031548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78e0f11e9e4a3d22021-12-22 12:47:26.719root 11241100x80000000000000004031549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759c3a4346c43dcd2021-12-22 12:47:26.719root 11241100x80000000000000004031550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e0ccc29ad9481c2021-12-22 12:47:26.719root 11241100x80000000000000004031551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615de092d44777162021-12-22 12:47:26.719root 11241100x80000000000000004031552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42a5622fd4d5a422021-12-22 12:47:26.719root 11241100x80000000000000004031553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165350214a1b1a102021-12-22 12:47:26.720root 11241100x80000000000000004031554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800e97846d8dce0d2021-12-22 12:47:26.720root 11241100x80000000000000004031555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aaf9bed7bd69a22021-12-22 12:47:26.720root 11241100x80000000000000004031556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac573bb98bb24b2021-12-22 12:47:26.720root 11241100x80000000000000004031557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9af2c14d0b66de2021-12-22 12:47:26.720root 11241100x80000000000000004031558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb839c8bd33a2e272021-12-22 12:47:26.720root 11241100x80000000000000004031559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ad444a641cd93f2021-12-22 12:47:26.721root 11241100x80000000000000004031560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2475fdf227dd212021-12-22 12:47:26.721root 11241100x80000000000000004031561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749b6d8fd112ed1b2021-12-22 12:47:26.721root 11241100x80000000000000004031562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276537845fe80f2c2021-12-22 12:47:26.721root 11241100x80000000000000004031563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc255ad8ab6746852021-12-22 12:47:26.721root 11241100x80000000000000004031564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e979d48f964052021-12-22 12:47:26.722root 11241100x80000000000000004031565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6454037c991870822021-12-22 12:47:26.722root 11241100x80000000000000004031566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cf21788db9f1b42021-12-22 12:47:26.722root 11241100x80000000000000004031567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df169372165723e92021-12-22 12:47:26.722root 11241100x80000000000000004031568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded73bf8ad06cf5a2021-12-22 12:47:26.722root 11241100x80000000000000004031569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd00dc4f58d601d32021-12-22 12:47:26.722root 11241100x80000000000000004031570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb69dd887a85d1182021-12-22 12:47:26.722root 11241100x80000000000000004031571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd168bd57e53bd02021-12-22 12:47:26.722root 11241100x80000000000000004031572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b1e41f58ea06d2021-12-22 12:47:26.722root 11241100x80000000000000004031573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc023b2e50dc4da12021-12-22 12:47:26.722root 11241100x80000000000000004031574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05ecb946087b84b2021-12-22 12:47:26.722root 11241100x80000000000000004031575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e2d9f01c8cdee22021-12-22 12:47:26.722root 11241100x80000000000000004031576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8acd0a205c0a02021-12-22 12:47:26.722root 11241100x80000000000000004031577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b8c0c812172182021-12-22 12:47:26.722root 11241100x80000000000000004031578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a71725bfe94fb2021-12-22 12:47:26.722root 11241100x80000000000000004031579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a0a305192623d2021-12-22 12:47:26.722root 11241100x80000000000000004031580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3138670cbfed072021-12-22 12:47:26.723root 11241100x80000000000000004031581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f858a112c9f584bd2021-12-22 12:47:26.723root 11241100x80000000000000004031582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d580348d3a56a2982021-12-22 12:47:26.723root 11241100x80000000000000004031583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bfc6094eecc59f2021-12-22 12:47:26.723root 11241100x80000000000000004031584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c43b32d8300542021-12-22 12:47:26.723root 11241100x80000000000000004031585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a02fbaac6747c6e2021-12-22 12:47:26.723root 11241100x80000000000000004031586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58be30beee39f7e2021-12-22 12:47:26.723root 11241100x80000000000000004031587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da030519e087d782021-12-22 12:47:26.723root 11241100x80000000000000004031588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae904e1e4cb33102021-12-22 12:47:26.723root 11241100x80000000000000004031589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2541c15b9ca2ea5b2021-12-22 12:47:26.723root 11241100x80000000000000004031590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0285c3b40bc6e58f2021-12-22 12:47:26.723root 11241100x80000000000000004031591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ffd9409fdf3d5a2021-12-22 12:47:26.723root 11241100x80000000000000004031592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2609d21b2de7a52021-12-22 12:47:26.723root 11241100x80000000000000004031593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe3482d3f47d4442021-12-22 12:47:26.723root 11241100x80000000000000004031594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e05a2230c0e2e72021-12-22 12:47:26.723root 11241100x80000000000000004031595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b47bd6e969b9c12021-12-22 12:47:26.723root 11241100x80000000000000004031596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0927e6e4174babb72021-12-22 12:47:26.724root 11241100x80000000000000004031597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c8f634228b99402021-12-22 12:47:26.724root 11241100x80000000000000004031598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27902bd8020d2f62021-12-22 12:47:26.724root 11241100x80000000000000004031599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d80dc88c2a1a42021-12-22 12:47:26.724root 11241100x80000000000000004031600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee5b358f3b0a2e2021-12-22 12:47:26.724root 11241100x80000000000000004031601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdf732aff7603a02021-12-22 12:47:26.724root 11241100x80000000000000004031602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70ec968e8643bc12021-12-22 12:47:26.724root 11241100x80000000000000004031603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea5aa36d5620d6b2021-12-22 12:47:26.725root 11241100x80000000000000004031604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b289ad4ef6ee802021-12-22 12:47:26.726root 11241100x80000000000000004031605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cfc7f0debc8722021-12-22 12:47:26.726root 11241100x80000000000000004031606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e42fedff090f642021-12-22 12:47:26.726root 11241100x80000000000000004031607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cc8d28df81ab4e2021-12-22 12:47:26.726root 11241100x80000000000000004031608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96e6b65f81ed67b2021-12-22 12:47:26.726root 11241100x80000000000000004031609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea41b3fc20f6207b2021-12-22 12:47:26.726root 11241100x80000000000000004031610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe9dd2e410f4d12021-12-22 12:47:26.726root 11241100x80000000000000004031611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e93fd5cab8205752021-12-22 12:47:26.727root 11241100x80000000000000004031612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355b9307ed9304e52021-12-22 12:47:26.727root 11241100x80000000000000004031613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef581ac7f046247e2021-12-22 12:47:26.727root 11241100x80000000000000004031614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b23be82ca84b782021-12-22 12:47:26.727root 11241100x80000000000000004031615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172f58e42b5f621b2021-12-22 12:47:26.727root 11241100x80000000000000004031616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9b436069bb3602021-12-22 12:47:26.727root 11241100x80000000000000004031617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68165d1ba0cd792021-12-22 12:47:26.727root 11241100x80000000000000004031618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe9199e9f2d7252021-12-22 12:47:26.727root 11241100x80000000000000004031619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8dd579db2288a2021-12-22 12:47:26.727root 11241100x80000000000000004031620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24f19a8b3b8f0ae2021-12-22 12:47:26.727root 11241100x80000000000000004031621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f1783d0270c922021-12-22 12:47:26.727root 11241100x80000000000000004031622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cadba7bbcf8f6972021-12-22 12:47:26.727root 11241100x80000000000000004031623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ecd0da3fad1fb02021-12-22 12:47:26.727root 11241100x80000000000000004031624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5578337e259dcc92021-12-22 12:47:26.727root 11241100x80000000000000004031625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6e4349b7e767fd2021-12-22 12:47:26.727root 11241100x80000000000000004031626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e955362f9e809e2021-12-22 12:47:26.727root 11241100x80000000000000004031627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cedae7a6424842021-12-22 12:47:26.728root 11241100x80000000000000004031628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d0be5b2148daef2021-12-22 12:47:26.728root 11241100x80000000000000004031629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6167f564874302021-12-22 12:47:26.728root 11241100x80000000000000004031630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab4c308814871f02021-12-22 12:47:26.728root 11241100x80000000000000004031631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997fba70e0c3e8912021-12-22 12:47:26.728root 11241100x80000000000000004031632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625e1f0421a4ce7f2021-12-22 12:47:26.728root 11241100x80000000000000004031633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2a25bd5796e7bb2021-12-22 12:47:26.728root 11241100x80000000000000004031634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8090eca1f42b5d082021-12-22 12:47:26.728root 11241100x80000000000000004031635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c904417ec6ed05982021-12-22 12:47:26.728root 11241100x80000000000000004031636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc200903e0b0abb2021-12-22 12:47:26.728root 11241100x80000000000000004031637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b639d4742c8a7a012021-12-22 12:47:26.728root 11241100x80000000000000004031638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154c70ee7618fef52021-12-22 12:47:26.728root 11241100x80000000000000004031639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0a7ce90dbbec0e2021-12-22 12:47:26.728root 11241100x80000000000000004031640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7e16dc2e819f12021-12-22 12:47:26.728root 11241100x80000000000000004031641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfad18dd94a134c2021-12-22 12:47:26.728root 11241100x80000000000000004031642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb2d52cfa1e6fdd2021-12-22 12:47:26.729root 11241100x80000000000000004031643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed21ad701bf7350c2021-12-22 12:47:26.729root 11241100x80000000000000004031644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8098bd23d1cc862021-12-22 12:47:26.729root 11241100x80000000000000004031645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d59838f0e09092021-12-22 12:47:26.729root 11241100x80000000000000004031646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57ac0fdc02eafa02021-12-22 12:47:26.729root 11241100x80000000000000004031647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8fafd297227ad82021-12-22 12:47:26.729root 11241100x80000000000000004031648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b26a984a454a52021-12-22 12:47:26.729root 11241100x80000000000000004031649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d377d1c69b409142021-12-22 12:47:26.729root 11241100x80000000000000004031650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f605bb65395d23782021-12-22 12:47:26.731root 11241100x80000000000000004031651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da414747316e9d2021-12-22 12:47:26.731root 11241100x80000000000000004031652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce85ecaf60bee8602021-12-22 12:47:26.731root 11241100x80000000000000004031653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c33046289dfa0752021-12-22 12:47:26.731root 11241100x80000000000000004031654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b74a8c50a25f71b2021-12-22 12:47:26.731root 11241100x80000000000000004031655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c99a95c4c800ea12021-12-22 12:47:26.731root 11241100x80000000000000004031656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc629dfd4363b6872021-12-22 12:47:26.732root 11241100x80000000000000004031657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3208afff121873fd2021-12-22 12:47:26.732root 11241100x80000000000000004031658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f438911652cc92021-12-22 12:47:26.732root 11241100x80000000000000004031659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de1a8ec6a737382021-12-22 12:47:26.732root 11241100x80000000000000004031660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934df45fd0008c062021-12-22 12:47:26.732root 11241100x80000000000000004031661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e2d009b2c0cdd12021-12-22 12:47:26.732root 11241100x80000000000000004031662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b996022760d734ee2021-12-22 12:47:26.732root 11241100x80000000000000004031663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4c1b5a02a1c652021-12-22 12:47:26.732root 11241100x80000000000000004031664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca1e2b004025cc82021-12-22 12:47:26.732root 11241100x80000000000000004031665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14a021788527aa2021-12-22 12:47:26.732root 11241100x80000000000000004031666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac7bffb4c3a92ee2021-12-22 12:47:26.732root 11241100x80000000000000004031667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2231095caa841a692021-12-22 12:47:26.732root 11241100x80000000000000004031668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1b807cedaa73e82021-12-22 12:47:26.732root 11241100x80000000000000004031669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12083fa8a32ce322021-12-22 12:47:26.733root 11241100x80000000000000004031670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca72576d7c77c1e82021-12-22 12:47:26.733root 11241100x80000000000000004031671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6ecb1387325f022021-12-22 12:47:26.733root 11241100x80000000000000004031672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b921a5b612ad12021-12-22 12:47:26.733root 11241100x80000000000000004031673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6929d084c0a387a2021-12-22 12:47:26.733root 11241100x80000000000000004031674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a5e253a125fda2021-12-22 12:47:26.733root 11241100x80000000000000004031675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659622dd68d983b02021-12-22 12:47:26.733root 11241100x80000000000000004031676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c352954d7f1e6b2021-12-22 12:47:26.733root 11241100x80000000000000004031677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc7ea5a915be292021-12-22 12:47:26.733root 11241100x80000000000000004031678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0130f3713865349e2021-12-22 12:47:26.734root 11241100x80000000000000004031679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8416a02d5e06f9b42021-12-22 12:47:26.734root 11241100x80000000000000004031680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2204a6bc60ec9832021-12-22 12:47:26.734root 11241100x80000000000000004031681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ed5d61023cd9a22021-12-22 12:47:26.734root 11241100x80000000000000004031682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1a6b7765e92d32021-12-22 12:47:26.734root 11241100x80000000000000004031683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff5fe1e61e4e8652021-12-22 12:47:26.734root 11241100x80000000000000004031684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b467af61d0c08fa2021-12-22 12:47:26.734root 11241100x80000000000000004031685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fac336c7b78ee722021-12-22 12:47:26.734root 11241100x80000000000000004031686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0464ed06b7d57b2021-12-22 12:47:26.734root 11241100x80000000000000004031687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6501435d6595e22021-12-22 12:47:26.735root 11241100x80000000000000004031688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133ef802c31c0baf2021-12-22 12:47:26.735root 11241100x80000000000000004031689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7203e9f309538d2021-12-22 12:47:26.735root 11241100x80000000000000004031690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc144d80e27bcf132021-12-22 12:47:26.735root 11241100x80000000000000004031691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd1ac23f2d4d532021-12-22 12:47:26.735root 11241100x80000000000000004031692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fbf5f9651a48a02021-12-22 12:47:26.735root 11241100x80000000000000004031693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0f749974e7a05e2021-12-22 12:47:26.735root 11241100x80000000000000004031694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6dd7318ed3c3d02021-12-22 12:47:26.735root 11241100x80000000000000004031695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb1d1cf20501172021-12-22 12:47:26.736root 11241100x80000000000000004031696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c712300ddcb559f2021-12-22 12:47:26.736root 11241100x80000000000000004031697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22ba25d35a686db2021-12-22 12:47:26.736root 11241100x80000000000000004031698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb0e5776e3c5212021-12-22 12:47:26.736root 11241100x80000000000000004031699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103669e39e2c2de72021-12-22 12:47:26.736root 11241100x80000000000000004031700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087e96699ec3780e2021-12-22 12:47:26.736root 11241100x80000000000000004031701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fce1ba5657d3d12021-12-22 12:47:26.736root 11241100x80000000000000004031702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61158eb2a94b07d32021-12-22 12:47:26.737root 11241100x80000000000000004031703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff2e8745c4494af2021-12-22 12:47:26.737root 11241100x80000000000000004031704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c662ac670b346542021-12-22 12:47:26.737root 11241100x80000000000000004031705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76235ce3a032eab62021-12-22 12:47:26.737root 11241100x80000000000000004031706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b65cf4d923aedb2021-12-22 12:47:26.737root 11241100x80000000000000004031707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0840211982e1642021-12-22 12:47:26.737root 11241100x80000000000000004031708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7cdc9b1e6e38f62021-12-22 12:47:27.193root 11241100x80000000000000004031709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076b7adc34fa2fc32021-12-22 12:47:27.193root 11241100x80000000000000004031710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d740236dfe917b092021-12-22 12:47:27.193root 11241100x80000000000000004031711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ad1184dfe89cfa2021-12-22 12:47:27.193root 11241100x80000000000000004031712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf6ce7bf689a68a2021-12-22 12:47:27.193root 11241100x80000000000000004031713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f888ab6b4a81f2021-12-22 12:47:27.194root 11241100x80000000000000004031714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903096324029a5ec2021-12-22 12:47:27.194root 11241100x80000000000000004031715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3446995ee35832802021-12-22 12:47:27.194root 11241100x80000000000000004031716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce5c89106f47cdf2021-12-22 12:47:27.194root 11241100x80000000000000004031717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a34e333699fc4d52021-12-22 12:47:27.194root 11241100x80000000000000004031718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8415c661a8102acb2021-12-22 12:47:27.194root 11241100x80000000000000004031719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813c68c82c207652021-12-22 12:47:27.194root 11241100x80000000000000004031720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb1ca874250de52021-12-22 12:47:27.194root 11241100x80000000000000004031721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed31c99e7a0588812021-12-22 12:47:27.194root 11241100x80000000000000004031722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1550cfae0d45202021-12-22 12:47:27.194root 11241100x80000000000000004031723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424760de02c7c952021-12-22 12:47:27.195root 11241100x80000000000000004031724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fd138594c781a92021-12-22 12:47:27.195root 11241100x80000000000000004031725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8befe1c93228c4092021-12-22 12:47:27.195root 11241100x80000000000000004031726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e191351305eb902021-12-22 12:47:27.195root 11241100x80000000000000004031727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e4f54a5c795a62021-12-22 12:47:27.195root 11241100x80000000000000004031728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47827ee6a34d5e412021-12-22 12:47:27.195root 11241100x80000000000000004031729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54854a913f7a3fc2021-12-22 12:47:27.195root 11241100x80000000000000004031730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f11a307f7b3a7a82021-12-22 12:47:27.195root 11241100x80000000000000004031731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586eaf39c85497a2021-12-22 12:47:27.195root 11241100x80000000000000004031732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7625c61fd322b2021-12-22 12:47:27.196root 11241100x80000000000000004031733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701e30c61c9202cf2021-12-22 12:47:27.196root 11241100x80000000000000004031734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2740bb4eead6a9b62021-12-22 12:47:27.196root 11241100x80000000000000004031735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2521ddde13448a32021-12-22 12:47:27.196root 11241100x80000000000000004031736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c88d242a82e7d2021-12-22 12:47:27.196root 11241100x80000000000000004031737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef06ae7ff7f3007e2021-12-22 12:47:27.196root 11241100x80000000000000004031738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14f4fd0befc361d2021-12-22 12:47:27.196root 11241100x80000000000000004031739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3188b5e4b1c09c092021-12-22 12:47:27.196root 11241100x80000000000000004031740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36de0e5bb9a90a0d2021-12-22 12:47:27.196root 11241100x80000000000000004031741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c880023c34af0f2021-12-22 12:47:27.197root 11241100x80000000000000004031742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf93cb0571b8ea2f2021-12-22 12:47:27.197root 11241100x80000000000000004031743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a995bd8492455ce82021-12-22 12:47:27.197root 11241100x80000000000000004031744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04004251c69017f2021-12-22 12:47:27.197root 11241100x80000000000000004031745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4fecf22b7309bb2021-12-22 12:47:27.197root 11241100x80000000000000004031746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21971814876de86d2021-12-22 12:47:27.197root 11241100x80000000000000004031747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5c507b9cef1d3f2021-12-22 12:47:27.197root 11241100x80000000000000004031748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db1bda6b24132ce2021-12-22 12:47:27.197root 11241100x80000000000000004031749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f5a3367aaf1f42021-12-22 12:47:27.197root 11241100x80000000000000004031750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aa43a62d194e7c2021-12-22 12:47:27.198root 11241100x80000000000000004031751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52df1959f1477212021-12-22 12:47:27.198root 11241100x80000000000000004031752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaf8633db8eeeb02021-12-22 12:47:27.198root 11241100x80000000000000004031753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98e14c6701e75ee2021-12-22 12:47:27.198root 11241100x80000000000000004031754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef97188442ec288b2021-12-22 12:47:27.198root 11241100x80000000000000004031755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d718d9812a4e37562021-12-22 12:47:27.198root 11241100x80000000000000004031756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d3a7727feb95ef2021-12-22 12:47:27.198root 11241100x80000000000000004031757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53013b77f3de12392021-12-22 12:47:27.198root 11241100x80000000000000004031758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7f2a6248e7d7852021-12-22 12:47:27.198root 11241100x80000000000000004031759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2260e38707ae5ab62021-12-22 12:47:27.199root 11241100x80000000000000004031760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a80e450bbce8d2021-12-22 12:47:27.199root 11241100x80000000000000004031761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e2647c2c8e27a2021-12-22 12:47:27.199root 11241100x80000000000000004031762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be7506f4dcba8fd2021-12-22 12:47:27.199root 11241100x80000000000000004031763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c268413fc502f1b2021-12-22 12:47:27.199root 11241100x80000000000000004031764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66769bc78ea24c92021-12-22 12:47:27.199root 11241100x80000000000000004031765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a22f3c6fb6b0ac2021-12-22 12:47:27.199root 11241100x80000000000000004031766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cab6a7516a06f52021-12-22 12:47:27.199root 11241100x80000000000000004031767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bbd8e282695b772021-12-22 12:47:27.199root 11241100x80000000000000004031768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1a768f1a16ac942021-12-22 12:47:27.200root 11241100x80000000000000004031769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ee0fee88b71c952021-12-22 12:47:27.200root 11241100x80000000000000004031770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b60230c6c68e80b2021-12-22 12:47:27.200root 11241100x80000000000000004031771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f4b481cc4efd72021-12-22 12:47:27.200root 11241100x80000000000000004031772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eb653b76cc7f222021-12-22 12:47:27.200root 11241100x80000000000000004031773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c776c6de3fa7d6a2021-12-22 12:47:27.200root 11241100x80000000000000004031774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa44e55bcb9ea1392021-12-22 12:47:27.200root 11241100x80000000000000004031775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c541129dbb8d33e2021-12-22 12:47:27.200root 11241100x80000000000000004031776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfcc270f5b7a99d2021-12-22 12:47:27.200root 11241100x80000000000000004031777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6536204a10ce1ec72021-12-22 12:47:27.200root 11241100x80000000000000004031778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41639e68589a61662021-12-22 12:47:27.201root 11241100x80000000000000004031779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ba8440ed34cb812021-12-22 12:47:27.201root 11241100x80000000000000004031780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794aca70d457c5da2021-12-22 12:47:27.201root 11241100x80000000000000004031781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aca7ac14f951192021-12-22 12:47:27.201root 11241100x80000000000000004031782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5008f42303f3b12021-12-22 12:47:27.201root 11241100x80000000000000004031783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418f35f5042c0b922021-12-22 12:47:27.201root 11241100x80000000000000004031784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510c197a62403c62021-12-22 12:47:27.201root 11241100x80000000000000004031785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d5acf19ff3ffbe2021-12-22 12:47:27.694root 11241100x80000000000000004031786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bff7d38e1df9ab2021-12-22 12:47:27.694root 11241100x80000000000000004031787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab9fa38c48284e42021-12-22 12:47:27.695root 11241100x80000000000000004031788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e7168397cb92c32021-12-22 12:47:27.695root 11241100x80000000000000004031789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b30fbd3ec3b0a8a2021-12-22 12:47:27.695root 11241100x80000000000000004031790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f7dc5c18a5e732021-12-22 12:47:27.695root 11241100x80000000000000004031791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a05074b65ffe462021-12-22 12:47:27.695root 11241100x80000000000000004031792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b4887dfdddc9fd2021-12-22 12:47:27.695root 11241100x80000000000000004031793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0f3d080d63f9c42021-12-22 12:47:27.695root 11241100x80000000000000004031794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bed7ce5a8131ec2021-12-22 12:47:27.695root 11241100x80000000000000004031795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6af04631d86def2021-12-22 12:47:27.696root 11241100x80000000000000004031796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f665bb9f2ffba072021-12-22 12:47:27.696root 11241100x80000000000000004031797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2199d41ec5a3abd02021-12-22 12:47:27.696root 11241100x80000000000000004031798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e9a9ab8a8cf22b2021-12-22 12:47:27.696root 11241100x80000000000000004031799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dcdd0a7771e1c12021-12-22 12:47:27.696root 11241100x80000000000000004031800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a20fd96fc1f8262021-12-22 12:47:27.696root 11241100x80000000000000004031801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b704fc396ad37bdb2021-12-22 12:47:27.696root 11241100x80000000000000004031802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c081372e4c0d22021-12-22 12:47:27.697root 11241100x80000000000000004031803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006487fb03b0cdc2021-12-22 12:47:27.697root 11241100x80000000000000004031804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933f541d38d841782021-12-22 12:47:27.697root 11241100x80000000000000004031805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe28fa106650a0d2021-12-22 12:47:27.698root 11241100x80000000000000004031806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b67ce3cc77df9ff2021-12-22 12:47:27.698root 11241100x80000000000000004031807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0fd98836155a1b2021-12-22 12:47:27.698root 11241100x80000000000000004031808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96134f2834edb29c2021-12-22 12:47:27.698root 11241100x80000000000000004031809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a60b6393ed42892021-12-22 12:47:27.698root 11241100x80000000000000004031810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48429cc71434810b2021-12-22 12:47:27.698root 11241100x80000000000000004031811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babbebec0742f6862021-12-22 12:47:27.698root 11241100x80000000000000004031812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c2734ab8808e232021-12-22 12:47:27.699root 11241100x80000000000000004031813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94dce4c58988282021-12-22 12:47:27.699root 11241100x80000000000000004031814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1168f601020d20a92021-12-22 12:47:27.699root 11241100x80000000000000004031815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18c8399050494e92021-12-22 12:47:27.699root 11241100x80000000000000004031816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6b638ec44bb912021-12-22 12:47:27.699root 11241100x80000000000000004031817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcbc441907d540d2021-12-22 12:47:27.699root 11241100x80000000000000004031818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723684bc373c75a72021-12-22 12:47:27.699root 11241100x80000000000000004031819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb31e121a7fe2d2021-12-22 12:47:27.700root 11241100x80000000000000004031820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cb207060d257722021-12-22 12:47:27.700root 11241100x80000000000000004031821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fc4df31735be442021-12-22 12:47:27.700root 11241100x80000000000000004031822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fec43f94b266aa62021-12-22 12:47:27.700root 11241100x80000000000000004031823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f63c901f015a112021-12-22 12:47:27.700root 11241100x80000000000000004031824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2d2f9b6e1a3e52021-12-22 12:47:27.700root 11241100x80000000000000004031825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4c1c8584e3c3202021-12-22 12:47:27.700root 11241100x80000000000000004031826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8094067e4810412021-12-22 12:47:27.700root 11241100x80000000000000004031827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900dccc3d88de9462021-12-22 12:47:27.700root 11241100x80000000000000004031828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f2e6c04a3eec5b2021-12-22 12:47:27.701root 11241100x80000000000000004031829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64244615cd465b52021-12-22 12:47:27.701root 11241100x80000000000000004031830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b1215a4a970f12021-12-22 12:47:27.701root 11241100x80000000000000004031831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa52efb8976e49582021-12-22 12:47:27.701root 11241100x80000000000000004031832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf702533d0920e72021-12-22 12:47:27.701root 11241100x80000000000000004031833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca02cb176d499e92021-12-22 12:47:27.701root 11241100x80000000000000004031834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6cad321da1e3e62021-12-22 12:47:27.701root 11241100x80000000000000004031835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb79b84fda53f27f2021-12-22 12:47:27.701root 11241100x80000000000000004031836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe3d56abb59651d2021-12-22 12:47:27.702root 11241100x80000000000000004031837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6cbfee7a7248f2021-12-22 12:47:27.702root 11241100x80000000000000004031838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f398141e0dddda42021-12-22 12:47:27.702root 11241100x80000000000000004031839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4f39f75bbbc31a2021-12-22 12:47:27.702root 11241100x80000000000000004031840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da27c65597c0512021-12-22 12:47:27.702root 11241100x80000000000000004031841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1795b753591fc952021-12-22 12:47:27.702root 11241100x80000000000000004031842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b342fc1d5b7b052021-12-22 12:47:27.702root 11241100x80000000000000004031843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31216c325293c1792021-12-22 12:47:27.702root 11241100x80000000000000004031844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98791af8bca85e332021-12-22 12:47:27.703root 11241100x80000000000000004031845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59db69efa44787542021-12-22 12:47:27.703root 11241100x80000000000000004031846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b38ab77c7a5efd22021-12-22 12:47:27.703root 11241100x80000000000000004031847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e559a45bc52a2f2021-12-22 12:47:27.703root 11241100x80000000000000004031848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d940956561ac52021-12-22 12:47:27.703root 11241100x80000000000000004031849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25e1b804c4577462021-12-22 12:47:27.703root 11241100x80000000000000004031850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8781bc40462acdee2021-12-22 12:47:27.703root 11241100x80000000000000004031851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfd775138ff227c2021-12-22 12:47:27.703root 11241100x80000000000000004031852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f89fc591a3f62f2021-12-22 12:47:27.704root 11241100x80000000000000004031853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f45c243b031782021-12-22 12:47:27.704root 11241100x80000000000000004031854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7244899ff565c3c22021-12-22 12:47:27.704root 11241100x80000000000000004031855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f77083a79b33dc2021-12-22 12:47:27.704root 11241100x80000000000000004031856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced64766b056957f2021-12-22 12:47:27.704root 11241100x80000000000000004031857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87af5b7ff4c60db42021-12-22 12:47:27.704root 11241100x80000000000000004031858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e926241b8516f82021-12-22 12:47:27.704root 11241100x80000000000000004031859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ec7f3cf3a26df2021-12-22 12:47:27.705root 11241100x80000000000000004031860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9bd12f3e30a6b2021-12-22 12:47:27.705root 11241100x80000000000000004031861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b391140687e4ecf2021-12-22 12:47:27.705root 11241100x80000000000000004031862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fbaafdbf09a22c2021-12-22 12:47:27.705root 11241100x80000000000000004031863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b1d1cbe31bfe5f2021-12-22 12:47:27.705root 11241100x80000000000000004031864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e727d1731ec622021-12-22 12:47:27.705root 11241100x80000000000000004031865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c25e4e257a1f53e2021-12-22 12:47:27.705root 11241100x80000000000000004031866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43049d94d84c8b2021-12-22 12:47:27.705root 11241100x80000000000000004031867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf2bf3da868a7a2021-12-22 12:47:27.705root 11241100x80000000000000004031868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac772206012994aa2021-12-22 12:47:27.706root 11241100x80000000000000004031869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716035ead9251f72021-12-22 12:47:27.706root 11241100x80000000000000004031870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16157fe7dbb09c5c2021-12-22 12:47:27.706root 11241100x80000000000000004031871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166290f12f5e64f42021-12-22 12:47:27.706root 11241100x80000000000000004031872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbf27318d2027af2021-12-22 12:47:27.706root 11241100x80000000000000004031873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525810366e041a62021-12-22 12:47:27.706root 11241100x80000000000000004031874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdaa93c949cf4a02021-12-22 12:47:27.706root 11241100x80000000000000004031875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6678eff6b10f552021-12-22 12:47:27.706root 11241100x80000000000000004031876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0224dccaade8a6e2021-12-22 12:47:27.706root 11241100x80000000000000004031877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c5c2b32957269a2021-12-22 12:47:27.707root 11241100x80000000000000004031878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902971dbe10999862021-12-22 12:47:27.707root 11241100x80000000000000004031879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f4ada23ea14e832021-12-22 12:47:27.707root 11241100x80000000000000004031880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ed4ead8f1b8922021-12-22 12:47:27.707root 11241100x80000000000000004031881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c94a0312a4b4192021-12-22 12:47:27.707root 11241100x80000000000000004031882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f6e47949515aaa2021-12-22 12:47:27.707root 11241100x80000000000000004031883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d787c64bc8784ed2021-12-22 12:47:27.707root 11241100x80000000000000004031884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b2ff27748012672021-12-22 12:47:27.707root 11241100x80000000000000004031885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b33e37d863a49f2021-12-22 12:47:27.707root 11241100x80000000000000004031886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bb1417264ba34c2021-12-22 12:47:27.707root 11241100x80000000000000004031887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb7e87887018692021-12-22 12:47:27.707root 11241100x80000000000000004031888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a426e16983db342021-12-22 12:47:27.708root 11241100x80000000000000004031889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b470726d5a432962021-12-22 12:47:27.708root 11241100x80000000000000004031890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6587d613b7b0772021-12-22 12:47:27.708root 11241100x80000000000000004031891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1fbd019b32580e2021-12-22 12:47:27.708root 11241100x80000000000000004031892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277725d512166bde2021-12-22 12:47:27.708root 11241100x80000000000000004031893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f811b9eac9c646382021-12-22 12:47:27.708root 11241100x80000000000000004031894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a783894be4c30932021-12-22 12:47:27.708root 11241100x80000000000000004031895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b65acd7253d29482021-12-22 12:47:27.708root 11241100x80000000000000004031896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da80a07e0c6f5f82021-12-22 12:47:27.708root 11241100x80000000000000004031897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f66e649915556b2021-12-22 12:47:27.708root 11241100x80000000000000004031898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fbedd167208bff2021-12-22 12:47:27.708root 11241100x80000000000000004031899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b40e43725ba6872021-12-22 12:47:27.709root 11241100x80000000000000004031900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabf54542aa74a82021-12-22 12:47:27.709root 11241100x80000000000000004031901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b28e457e692bf482021-12-22 12:47:27.709root 11241100x80000000000000004031902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919eac4e8fd35f9e2021-12-22 12:47:27.711root 11241100x80000000000000004031903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3b358a8c096232021-12-22 12:47:27.711root 11241100x80000000000000004031904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a22c8db873ab012021-12-22 12:47:27.711root 11241100x80000000000000004031905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291f05e1e55f29f42021-12-22 12:47:27.711root 11241100x80000000000000004031906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981b094e4b5078342021-12-22 12:47:27.711root 11241100x80000000000000004031907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd095b2d71e7afe2021-12-22 12:47:27.711root 11241100x80000000000000004031908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f59635d8456e92021-12-22 12:47:27.711root 11241100x80000000000000004031909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c477588ba96fff1d2021-12-22 12:47:27.711root 11241100x80000000000000004031910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be6fe46e4f09342021-12-22 12:47:27.711root 11241100x80000000000000004031911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea39d2835215a6f2021-12-22 12:47:27.711root 11241100x80000000000000004031912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2424552327716bed2021-12-22 12:47:27.712root 11241100x80000000000000004031913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdbd8bb53038fdb2021-12-22 12:47:27.712root 11241100x80000000000000004031914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999629611c9d3e442021-12-22 12:47:27.712root 11241100x80000000000000004031915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49084d3155478d1f2021-12-22 12:47:27.712root 11241100x80000000000000004031916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90390bb321028a4a2021-12-22 12:47:27.712root 11241100x80000000000000004031917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ca39af2694f9a72021-12-22 12:47:27.712root 11241100x80000000000000004031918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864a95f47b88f0772021-12-22 12:47:27.713root 11241100x80000000000000004031919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4d8831e9d358d2021-12-22 12:47:27.713root 11241100x80000000000000004031920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b33b9e79fa83dd2021-12-22 12:47:27.713root 11241100x80000000000000004031921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1712327debe753a2021-12-22 12:47:27.713root 11241100x80000000000000004031922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca251966b988e502021-12-22 12:47:27.713root 11241100x80000000000000004031923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2b61a7ce7a4c22021-12-22 12:47:27.713root 11241100x80000000000000004031924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39d705140e9a8a22021-12-22 12:47:27.713root 11241100x80000000000000004031925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f5592b2ff5fb5b2021-12-22 12:47:27.714root 11241100x80000000000000004031926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d426fd0ec50c3f3d2021-12-22 12:47:27.714root 11241100x80000000000000004031927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de8f9242b68fd5c2021-12-22 12:47:27.714root 11241100x80000000000000004031928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa2e6a2e7767932021-12-22 12:47:27.714root 11241100x80000000000000004031929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dd6f02d757c9a12021-12-22 12:47:27.714root 11241100x80000000000000004031930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a41192b1ff6d802021-12-22 12:47:27.714root 11241100x80000000000000004031931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63776cd343d8f3d52021-12-22 12:47:27.714root 11241100x80000000000000004031932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad11a59e83a0692021-12-22 12:47:27.714root 11241100x80000000000000004031933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321055973c47a022021-12-22 12:47:27.714root 11241100x80000000000000004031934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c087c11dc002d32021-12-22 12:47:27.714root 11241100x80000000000000004031935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff8b15d671c83bf2021-12-22 12:47:27.715root 11241100x80000000000000004031936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8402816cdd5c002021-12-22 12:47:27.715root 11241100x80000000000000004031937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a882bbc3c0ccf42021-12-22 12:47:27.715root 11241100x80000000000000004031938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b329d7a7de09fd2021-12-22 12:47:27.715root 11241100x80000000000000004031939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c38f69d0066242021-12-22 12:47:27.715root 11241100x80000000000000004031940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ba564d4eee08db2021-12-22 12:47:27.715root 11241100x80000000000000004031941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c2ec6d08174cbc2021-12-22 12:47:27.715root 11241100x80000000000000004031942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a3ff6c5b8d2a8a2021-12-22 12:47:27.715root 11241100x80000000000000004031943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695beb6073c0201e2021-12-22 12:47:27.716root 11241100x80000000000000004031944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d251bb67c922582021-12-22 12:47:27.716root 11241100x80000000000000004031945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419c94f5916a39512021-12-22 12:47:27.716root 11241100x80000000000000004031946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80876f66086dadf72021-12-22 12:47:27.716root 11241100x80000000000000004031947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139499fad45a3ae42021-12-22 12:47:27.716root 11241100x80000000000000004031948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789ac5157176ce0f2021-12-22 12:47:27.716root 11241100x80000000000000004031949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cfd975b8c8b16a2021-12-22 12:47:27.716root 11241100x80000000000000004031950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3d2ff88bde9f9c2021-12-22 12:47:27.716root 11241100x80000000000000004031951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d682fffbb9dc5442021-12-22 12:47:27.716root 11241100x80000000000000004031952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1513c920f436342021-12-22 12:47:27.716root 11241100x80000000000000004031953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9c19831c2148d92021-12-22 12:47:27.717root 11241100x80000000000000004031954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545c1548a1d86a112021-12-22 12:47:27.717root 11241100x80000000000000004031955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3652b167b71303822021-12-22 12:47:27.717root 11241100x80000000000000004031956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23446cc098efecb32021-12-22 12:47:27.717root 11241100x80000000000000004031957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faf933f53b90d1d2021-12-22 12:47:27.717root 11241100x80000000000000004031958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081cc46363b56ab02021-12-22 12:47:27.717root 11241100x80000000000000004031959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106695b7aca7aaea2021-12-22 12:47:27.717root 11241100x80000000000000004031960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f4d754050e4b8c2021-12-22 12:47:27.717root 11241100x80000000000000004031961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25364d78cc69329d2021-12-22 12:47:27.717root 11241100x80000000000000004031962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5799e8cd471dd92021-12-22 12:47:27.717root 11241100x80000000000000004031963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b6d2d3317317fa2021-12-22 12:47:27.718root 11241100x80000000000000004031964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a19d7bf7147d6042021-12-22 12:47:27.718root 11241100x80000000000000004031965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692827d0099b0d012021-12-22 12:47:27.718root 11241100x80000000000000004031966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31fa4aba08716062021-12-22 12:47:27.718root 11241100x80000000000000004031967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da7c048f637a9a22021-12-22 12:47:27.718root 11241100x80000000000000004031968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eff58f11b179cdb2021-12-22 12:47:27.718root 11241100x80000000000000004031969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fa8e2b2db3739e2021-12-22 12:47:27.718root 11241100x80000000000000004031970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ef56f3f5efc112021-12-22 12:47:27.718root 11241100x80000000000000004031971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697e91fc23f363192021-12-22 12:47:27.718root 11241100x80000000000000004031972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0bc3944a035cfb2021-12-22 12:47:27.719root 11241100x80000000000000004031973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911702158113f1d72021-12-22 12:47:27.719root 11241100x80000000000000004031974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b46cdee63ae4262021-12-22 12:47:27.719root 11241100x80000000000000004031975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca32f5ea70e48b12021-12-22 12:47:27.719root 11241100x80000000000000004031976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700f7620dce32392021-12-22 12:47:27.719root 11241100x80000000000000004031977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741322cb9490a242021-12-22 12:47:27.719root 11241100x80000000000000004031978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deca8d5abad8dbc2021-12-22 12:47:27.719root 11241100x80000000000000004031979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44840bfb8b1023902021-12-22 12:47:27.719root 11241100x80000000000000004031980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a93fce60a581e2d2021-12-22 12:47:27.719root 11241100x80000000000000004031981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b04e84a3add3f912021-12-22 12:47:27.720root 11241100x80000000000000004031982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710d1ee8a2f647872021-12-22 12:47:27.720root 11241100x80000000000000004031983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585fd06205d819c82021-12-22 12:47:27.720root 11241100x80000000000000004031984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5132eaefdaf925b2021-12-22 12:47:27.720root 11241100x80000000000000004031985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07421f7b66df09f2021-12-22 12:47:27.720root 11241100x80000000000000004031986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f077bc3f64d6b032021-12-22 12:47:27.720root 11241100x80000000000000004031987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04532e8a254306ee2021-12-22 12:47:27.720root 11241100x80000000000000004031988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5885c031529ba13c2021-12-22 12:47:27.721root 11241100x80000000000000004031989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6ded461a031d3b2021-12-22 12:47:27.721root 11241100x80000000000000004031990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf80036d52d495f2021-12-22 12:47:27.721root 11241100x80000000000000004031991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de695fba3be8d2672021-12-22 12:47:27.721root 11241100x80000000000000004031992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a17aaff3922d8c72021-12-22 12:47:27.721root 11241100x80000000000000004031993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7502cf634bb5fb2021-12-22 12:47:27.722root 11241100x80000000000000004031994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739f663c78addd332021-12-22 12:47:27.722root 11241100x80000000000000004031995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2f90eb8f744fc32021-12-22 12:47:27.722root 11241100x80000000000000004031996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318a183736df4302021-12-22 12:47:27.722root 11241100x80000000000000004031997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17d4f0e63df33042021-12-22 12:47:27.722root 11241100x80000000000000004031998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259229d85972f5922021-12-22 12:47:27.722root 11241100x80000000000000004031999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44561dc6bdc43ffb2021-12-22 12:47:27.722root 11241100x80000000000000004032000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c724df7517b76d2021-12-22 12:47:27.723root 11241100x80000000000000004032001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19bd2c8902d29752021-12-22 12:47:27.723root 11241100x80000000000000004032002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a03fdd87a759712021-12-22 12:47:27.723root 11241100x80000000000000004032003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ea5f02700de0b32021-12-22 12:47:27.723root 11241100x80000000000000004032004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85db5911301b11c62021-12-22 12:47:27.723root 11241100x80000000000000004032005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f2cdb152eabb152021-12-22 12:47:27.723root 11241100x80000000000000004032006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbeb1ff164cb97a2021-12-22 12:47:28.193root 11241100x80000000000000004032007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36066c23c1a489a52021-12-22 12:47:28.193root 11241100x80000000000000004032008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7242908f92eff2a2021-12-22 12:47:28.193root 11241100x80000000000000004032009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a64721be46d332021-12-22 12:47:28.194root 11241100x80000000000000004032010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac53d735b3262f92021-12-22 12:47:28.194root 11241100x80000000000000004032011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fa338855c2533a2021-12-22 12:47:28.194root 11241100x80000000000000004032012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972535562651c1202021-12-22 12:47:28.194root 11241100x80000000000000004032013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0bbb6f025ddd5a2021-12-22 12:47:28.194root 11241100x80000000000000004032014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e07db5bb6f79902021-12-22 12:47:28.194root 11241100x80000000000000004032015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cec9a9cadb12fa2021-12-22 12:47:28.195root 11241100x80000000000000004032016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0703f11ee114062021-12-22 12:47:28.195root 11241100x80000000000000004032017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa347fb3058b1d2b2021-12-22 12:47:28.195root 11241100x80000000000000004032018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0129343a07c29c952021-12-22 12:47:28.195root 11241100x80000000000000004032019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c888067b5e3bf242021-12-22 12:47:28.195root 11241100x80000000000000004032020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15d1cb50d0da962021-12-22 12:47:28.195root 11241100x80000000000000004032021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed07c97af98d97b52021-12-22 12:47:28.196root 11241100x80000000000000004032022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86542ef05dcb23882021-12-22 12:47:28.196root 11241100x80000000000000004032023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1cba956f81956b2021-12-22 12:47:28.196root 11241100x80000000000000004032024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751800a263224832021-12-22 12:47:28.196root 11241100x80000000000000004032025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5b75762812df8c2021-12-22 12:47:28.196root 11241100x80000000000000004032026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4739e145f94d62021-12-22 12:47:28.196root 11241100x80000000000000004032027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c1e498da225fd2021-12-22 12:47:28.196root 11241100x80000000000000004032028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3fa0511efae3a2021-12-22 12:47:28.197root 11241100x80000000000000004032029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a98515494d70b22021-12-22 12:47:28.197root 11241100x80000000000000004032030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0219d27690a3cf62021-12-22 12:47:28.197root 11241100x80000000000000004032031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370a0ba1967a8f182021-12-22 12:47:28.197root 11241100x80000000000000004032032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925bb9faa610b04c2021-12-22 12:47:28.197root 11241100x80000000000000004032033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc4b257947948f2021-12-22 12:47:28.197root 11241100x80000000000000004032034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42acc260fc1a6ca2021-12-22 12:47:28.197root 11241100x80000000000000004032035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03b8c1c92b0bd62021-12-22 12:47:28.197root 11241100x80000000000000004032036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6b04bd163e743a2021-12-22 12:47:28.198root 11241100x80000000000000004032037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b6c2bdf8af003e2021-12-22 12:47:28.198root 11241100x80000000000000004032038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c753f244217ed9902021-12-22 12:47:28.198root 11241100x80000000000000004032039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3794aecb4248c0432021-12-22 12:47:28.198root 11241100x80000000000000004032040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990b84637c808f212021-12-22 12:47:28.198root 11241100x80000000000000004032041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f634ff541c352c1b2021-12-22 12:47:28.198root 11241100x80000000000000004032042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcce895629587262021-12-22 12:47:28.198root 11241100x80000000000000004032043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b8707fb8e4becd2021-12-22 12:47:28.199root 11241100x80000000000000004032044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a2c5f9d9a649a62021-12-22 12:47:28.199root 11241100x80000000000000004032045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90614c3da53f3a2021-12-22 12:47:28.199root 11241100x80000000000000004032046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b40b95c476b2572021-12-22 12:47:28.199root 11241100x80000000000000004032047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c160e4fad77b02172021-12-22 12:47:28.199root 11241100x80000000000000004032048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9479b660cfa82c2021-12-22 12:47:28.199root 11241100x80000000000000004032049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc86f6478219e12021-12-22 12:47:28.200root 11241100x80000000000000004032050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec5e7615e6c54672021-12-22 12:47:28.200root 11241100x80000000000000004032051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee43f1379e537842021-12-22 12:47:28.200root 11241100x80000000000000004032052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b67dde1e958bb352021-12-22 12:47:28.200root 11241100x80000000000000004032053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3caca018d68d8f2021-12-22 12:47:28.200root 11241100x80000000000000004032054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6a18b2a7a5e5a2021-12-22 12:47:28.200root 11241100x80000000000000004032055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81859d855a7236802021-12-22 12:47:28.200root 11241100x80000000000000004032056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f3751ac635e2392021-12-22 12:47:28.201root 11241100x80000000000000004032057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8e68f751b1790e2021-12-22 12:47:28.201root 11241100x80000000000000004032058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5e60f53efb211e2021-12-22 12:47:28.201root 11241100x80000000000000004032059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa482a88fc0ab9a2021-12-22 12:47:28.201root 11241100x80000000000000004032060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dc6e85b8f93d252021-12-22 12:47:28.201root 11241100x80000000000000004032061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c89675c8d51422021-12-22 12:47:28.201root 11241100x80000000000000004032062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d2e3a4bfe235382021-12-22 12:47:28.201root 11241100x80000000000000004032063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86160b1ade39dab22021-12-22 12:47:28.202root 11241100x80000000000000004032064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41c0f7d4479a172021-12-22 12:47:28.202root 11241100x80000000000000004032065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea05f4849dc823ba2021-12-22 12:47:28.202root 11241100x80000000000000004032066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f633aa20525ef692021-12-22 12:47:28.202root 11241100x80000000000000004032067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32415f78aca820b62021-12-22 12:47:28.203root 11241100x80000000000000004032068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fe7fb203f4d5fa2021-12-22 12:47:28.203root 11241100x80000000000000004032069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692521b3f153ca452021-12-22 12:47:28.203root 11241100x80000000000000004032070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddefa071e241544c2021-12-22 12:47:28.203root 11241100x80000000000000004032071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2a9f9c97d1c1272021-12-22 12:47:28.203root 11241100x80000000000000004032072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e0641cabe8e762021-12-22 12:47:28.203root 11241100x80000000000000004032073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480e17ee718f6ef2021-12-22 12:47:28.204root 11241100x80000000000000004032074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74b5113df51fde32021-12-22 12:47:28.204root 11241100x80000000000000004032075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4c401a39626362021-12-22 12:47:28.204root 11241100x80000000000000004032076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e6da70504a12bd2021-12-22 12:47:28.204root 11241100x80000000000000004032077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6e855806f89832021-12-22 12:47:28.204root 11241100x80000000000000004032078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb32d10c17681db2021-12-22 12:47:28.204root 11241100x80000000000000004032079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2401da4599c4b02021-12-22 12:47:28.204root 11241100x80000000000000004032080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bb1c426012bee2021-12-22 12:47:28.204root 11241100x80000000000000004032081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430d9d2a4fff04dc2021-12-22 12:47:28.204root 11241100x80000000000000004032082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645f6122d7e0178f2021-12-22 12:47:28.205root 11241100x80000000000000004032083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f5ad80a26a90252021-12-22 12:47:28.205root 11241100x80000000000000004032084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0677118cc29d81462021-12-22 12:47:28.205root 11241100x80000000000000004032085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc82c4dc1827cd12021-12-22 12:47:28.205root 11241100x80000000000000004032086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a8283dbb91a652021-12-22 12:47:28.205root 11241100x80000000000000004032087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b33d190ab8818372021-12-22 12:47:28.205root 11241100x80000000000000004032088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5256f5e4442e98d72021-12-22 12:47:28.205root 11241100x80000000000000004032089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d980752f66fdf62021-12-22 12:47:28.205root 11241100x80000000000000004032090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cdac3f41b33cf12021-12-22 12:47:28.205root 11241100x80000000000000004032091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6345c9671a7ea5e2021-12-22 12:47:28.205root 11241100x80000000000000004032092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368f47e3afef1f12021-12-22 12:47:28.206root 11241100x80000000000000004032093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfdaa2f2c51b6272021-12-22 12:47:28.206root 11241100x80000000000000004032094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa33d34b3c9ff3e2021-12-22 12:47:28.206root 11241100x80000000000000004032095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dea321ae483a7902021-12-22 12:47:28.206root 11241100x80000000000000004032096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aa02e474201cba2021-12-22 12:47:28.206root 11241100x80000000000000004032097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0047aaf8198c6f2021-12-22 12:47:28.206root 11241100x80000000000000004032098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce206c87b72eb992021-12-22 12:47:28.206root 11241100x80000000000000004032099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f516bcd42990f42021-12-22 12:47:28.206root 11241100x80000000000000004032100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab901a8ad589dcc2021-12-22 12:47:28.206root 11241100x80000000000000004032101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5228653169abc1192021-12-22 12:47:28.206root 11241100x80000000000000004032102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68a109bc20f979d2021-12-22 12:47:28.206root 11241100x80000000000000004032103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1028b220911a4bc52021-12-22 12:47:28.207root 11241100x80000000000000004032104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d684a7593c5e5e62021-12-22 12:47:28.207root 11241100x80000000000000004032105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbee3d0b690b9e62021-12-22 12:47:28.207root 11241100x80000000000000004032106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36c4e961b2c8202021-12-22 12:47:28.207root 11241100x80000000000000004032107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fef9519b4e76f0c2021-12-22 12:47:28.207root 11241100x80000000000000004032108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59952fae8c608ee2021-12-22 12:47:28.207root 11241100x80000000000000004032109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4db1d92b29fc572021-12-22 12:47:28.207root 11241100x80000000000000004032110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edefa4b8d6ae336c2021-12-22 12:47:28.207root 11241100x80000000000000004032111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0174f508dba6d1b72021-12-22 12:47:28.207root 11241100x80000000000000004032112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b662b321091e432021-12-22 12:47:28.207root 11241100x80000000000000004032113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86aac312f688a442021-12-22 12:47:28.207root 11241100x80000000000000004032114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c0eb09c8600812021-12-22 12:47:28.208root 11241100x80000000000000004032115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead322b9a6b1d5402021-12-22 12:47:28.208root 11241100x80000000000000004032116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e079f7b15175a22021-12-22 12:47:28.208root 11241100x80000000000000004032117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecd28087d0cba0d2021-12-22 12:47:28.208root 11241100x80000000000000004032118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1108bcf6e80234c72021-12-22 12:47:28.208root 11241100x80000000000000004032119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd5baf33b566cb2021-12-22 12:47:28.208root 11241100x80000000000000004032120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d58a77ce3d5ee82021-12-22 12:47:28.208root 11241100x80000000000000004032121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cbb0a77e8b85532021-12-22 12:47:28.208root 11241100x80000000000000004032122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65b24bf2735bf822021-12-22 12:47:28.208root 11241100x80000000000000004032123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aaf7449a433fbc2021-12-22 12:47:28.209root 11241100x80000000000000004032124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b8dcc550dad082021-12-22 12:47:28.209root 11241100x80000000000000004032125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8d89edeb4b32552021-12-22 12:47:28.209root 11241100x80000000000000004032126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fbd6f028ba5f3a2021-12-22 12:47:28.209root 11241100x80000000000000004032127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff759c9201e227d2021-12-22 12:47:28.209root 11241100x80000000000000004032128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86af96aaa434f0102021-12-22 12:47:28.209root 11241100x80000000000000004032129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d37798211a7eadf2021-12-22 12:47:28.209root 11241100x80000000000000004032130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd233e51bb63212021-12-22 12:47:28.209root 11241100x80000000000000004032131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa735c4a67caee82021-12-22 12:47:28.209root 11241100x80000000000000004032132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13b9fce0194acf92021-12-22 12:47:28.209root 11241100x80000000000000004032133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0a71525a5324152021-12-22 12:47:28.210root 11241100x80000000000000004032134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d099c0ee3872372021-12-22 12:47:28.210root 11241100x80000000000000004032135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e564d4fe13c052021-12-22 12:47:28.210root 11241100x80000000000000004032136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5164a1be212390542021-12-22 12:47:28.210root 11241100x80000000000000004032137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c1d91e1bcd620b2021-12-22 12:47:28.211root 11241100x80000000000000004032138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b5d3db35058942021-12-22 12:47:28.211root 11241100x80000000000000004032139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4774366b1f9b08962021-12-22 12:47:28.211root 11241100x80000000000000004032140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a567064fa26bd862021-12-22 12:47:28.211root 11241100x80000000000000004032141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841aefa4ec1b6ec52021-12-22 12:47:28.212root 11241100x80000000000000004032142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e97322f3e609f2021-12-22 12:47:28.212root 11241100x80000000000000004032143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5a1cd538a8c7e12021-12-22 12:47:28.212root 11241100x80000000000000004032144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ebb979cff8dfa2021-12-22 12:47:28.212root 11241100x80000000000000004032145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f5facc33d24362021-12-22 12:47:28.213root 11241100x80000000000000004032146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d6e4e7e26306932021-12-22 12:47:28.213root 11241100x80000000000000004032147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f1e611a2424c472021-12-22 12:47:28.213root 11241100x80000000000000004032148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8065c698cd969ce82021-12-22 12:47:28.213root 11241100x80000000000000004032149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1b3ea21b94fb02021-12-22 12:47:28.213root 11241100x80000000000000004032150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea96ec8b5a58f7a82021-12-22 12:47:28.214root 11241100x80000000000000004032151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f397fb8b4e674c2021-12-22 12:47:28.214root 11241100x80000000000000004032152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f44351077803662021-12-22 12:47:28.214root 11241100x80000000000000004032153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cccc84e7c9ae3e42021-12-22 12:47:28.214root 11241100x80000000000000004032154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c741d69c97e633b72021-12-22 12:47:28.214root 11241100x80000000000000004032155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cefc287656a40c2021-12-22 12:47:28.214root 11241100x80000000000000004032156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579502ca61665c12021-12-22 12:47:28.215root 11241100x80000000000000004032157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2642d35e3f40963e2021-12-22 12:47:28.215root 11241100x80000000000000004032158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038cec1be574ecb42021-12-22 12:47:28.215root 11241100x80000000000000004032159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f85791f2353add2021-12-22 12:47:28.215root 11241100x80000000000000004032160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3d5dee33c9aef12021-12-22 12:47:28.215root 11241100x80000000000000004032161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23716d4e737b012a2021-12-22 12:47:28.216root 11241100x80000000000000004032162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3242f4a50b1472021-12-22 12:47:28.216root 11241100x80000000000000004032163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2226909a0d0efc352021-12-22 12:47:28.216root 11241100x80000000000000004032164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed372038802fced2021-12-22 12:47:28.216root 11241100x80000000000000004032165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d083e7a55ac2402021-12-22 12:47:28.216root 11241100x80000000000000004032166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10594779b86d55c2021-12-22 12:47:28.217root 11241100x80000000000000004032167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c2abf3573110792021-12-22 12:47:28.217root 11241100x80000000000000004032168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc101b42030e4df2021-12-22 12:47:28.217root 11241100x80000000000000004032169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d9da6c30db11b52021-12-22 12:47:28.217root 11241100x80000000000000004032170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2e269002db4c0f2021-12-22 12:47:28.218root 11241100x80000000000000004032171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c0a857ac6509672021-12-22 12:47:28.218root 11241100x80000000000000004032172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220b44d433c8a9842021-12-22 12:47:28.693root 11241100x80000000000000004032173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b403b61d534bfb2021-12-22 12:47:28.693root 11241100x80000000000000004032174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbb8e2fa7ed5c712021-12-22 12:47:28.693root 11241100x80000000000000004032175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c830e811d6c6f52021-12-22 12:47:28.694root 11241100x80000000000000004032176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8e0ccbf852a8222021-12-22 12:47:28.694root 11241100x80000000000000004032177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8fc0bd77d3ab782021-12-22 12:47:28.694root 11241100x80000000000000004032178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348f4983dbdab41f2021-12-22 12:47:28.694root 11241100x80000000000000004032179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e906b33d7e30930c2021-12-22 12:47:28.695root 11241100x80000000000000004032180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199b0e6b70b6f1b62021-12-22 12:47:28.695root 11241100x80000000000000004032181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2076bd8107036fe92021-12-22 12:47:28.695root 11241100x80000000000000004032182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a085ea621d6bae1f2021-12-22 12:47:28.696root 11241100x80000000000000004032183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e026373938bc9f72021-12-22 12:47:28.696root 11241100x80000000000000004032184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf7fed91638bf82021-12-22 12:47:28.696root 11241100x80000000000000004032185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa74e6920abf25e2021-12-22 12:47:28.696root 11241100x80000000000000004032186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8abba192bf3e5a2021-12-22 12:47:28.697root 11241100x80000000000000004032187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cddc5da294a6862021-12-22 12:47:28.697root 11241100x80000000000000004032188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203045e2c477a3222021-12-22 12:47:28.697root 11241100x80000000000000004032189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2296334deab233c12021-12-22 12:47:28.697root 11241100x80000000000000004032190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5809f0190558721e2021-12-22 12:47:28.698root 11241100x80000000000000004032191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadc5a9d6674ff5b2021-12-22 12:47:28.698root 11241100x80000000000000004032192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7dc36b6e949c9c2021-12-22 12:47:28.698root 11241100x80000000000000004032193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e0c800a46b9a3c2021-12-22 12:47:28.698root 11241100x80000000000000004032194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa0429a595a43b62021-12-22 12:47:28.698root 11241100x80000000000000004032195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74f59edb90772da2021-12-22 12:47:28.699root 11241100x80000000000000004032196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eca5c5eaa06f9932021-12-22 12:47:28.699root 11241100x80000000000000004032197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4e501e112397d02021-12-22 12:47:28.699root 11241100x80000000000000004032198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef29bddc1681da12021-12-22 12:47:28.699root 11241100x80000000000000004032199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967f663f2a89f4e02021-12-22 12:47:28.700root 11241100x80000000000000004032200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff085ecfb7447d12021-12-22 12:47:28.700root 11241100x80000000000000004032201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89f05ebc56242092021-12-22 12:47:28.700root 11241100x80000000000000004032202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e66add05b0a6392021-12-22 12:47:28.700root 11241100x80000000000000004032203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b8aaedc8bf3ec12021-12-22 12:47:28.700root 11241100x80000000000000004032204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c043bc00d9c58f42021-12-22 12:47:28.700root 11241100x80000000000000004032205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a35ca8cbe261a92021-12-22 12:47:28.700root 11241100x80000000000000004032206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bda79c036c745f92021-12-22 12:47:28.701root 11241100x80000000000000004032207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b01a182cda4b842021-12-22 12:47:28.701root 11241100x80000000000000004032208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9291728b0903bf42021-12-22 12:47:28.701root 11241100x80000000000000004032209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d19d8ece38e632021-12-22 12:47:28.702root 11241100x80000000000000004032210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df554255b14df2d2021-12-22 12:47:28.702root 11241100x80000000000000004032211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf4ea120f7105d62021-12-22 12:47:28.702root 11241100x80000000000000004032212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6febb4ee4498632f2021-12-22 12:47:28.702root 11241100x80000000000000004032213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b64143f1799bb42021-12-22 12:47:28.702root 11241100x80000000000000004032214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651ea6ca256b76662021-12-22 12:47:28.702root 11241100x80000000000000004032215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7a2fc63877a6442021-12-22 12:47:28.703root 11241100x80000000000000004032216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9399abce5dc7ece62021-12-22 12:47:28.703root 11241100x80000000000000004032217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c799510a88755352021-12-22 12:47:28.703root 11241100x80000000000000004032218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3b51067b7e4f82021-12-22 12:47:28.703root 11241100x80000000000000004032219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc937b05367eac6c2021-12-22 12:47:28.703root 11241100x80000000000000004032220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aefb7aef1dff4a2021-12-22 12:47:28.703root 11241100x80000000000000004032221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d94501f933525c2021-12-22 12:47:28.703root 11241100x80000000000000004032222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b213c49199b423132021-12-22 12:47:28.703root 11241100x80000000000000004032223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190faddb8dcc624f2021-12-22 12:47:28.703root 11241100x80000000000000004032224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333b2ef800483b42021-12-22 12:47:28.704root 11241100x80000000000000004032225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db591bed0e27b0192021-12-22 12:47:28.704root 11241100x80000000000000004032226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd265b2a9cd4d8f2021-12-22 12:47:28.704root 11241100x80000000000000004032227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7afd19af589900a2021-12-22 12:47:28.705root 11241100x80000000000000004032228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525ff68cddb6c352021-12-22 12:47:28.705root 11241100x80000000000000004032229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df3410e47f8afa32021-12-22 12:47:28.705root 11241100x80000000000000004032230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7a14f0bc8989402021-12-22 12:47:28.705root 11241100x80000000000000004032231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6938a765e88ef5972021-12-22 12:47:28.706root 11241100x80000000000000004032232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f635d8b0fd1dbbba2021-12-22 12:47:28.706root 11241100x80000000000000004032233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8124d0494fc0c92021-12-22 12:47:28.706root 11241100x80000000000000004032234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33649cee08294d9d2021-12-22 12:47:28.706root 11241100x80000000000000004032235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba2af8fe72b3c7b2021-12-22 12:47:28.707root 11241100x80000000000000004032236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed65f2c5370105732021-12-22 12:47:28.707root 11241100x80000000000000004032237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445e553f0dbc6942021-12-22 12:47:28.707root 11241100x80000000000000004032238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618580a1abeaa942021-12-22 12:47:28.707root 11241100x80000000000000004032239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d668d5c7c83b75ff2021-12-22 12:47:28.707root 11241100x80000000000000004032240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ca4ccc8c414442021-12-22 12:47:28.707root 11241100x80000000000000004032241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e70b3ef8134c52021-12-22 12:47:28.708root 11241100x80000000000000004032242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e4bf674ada61fa2021-12-22 12:47:28.708root 11241100x80000000000000004032243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5a8bd8e56955e2021-12-22 12:47:28.708root 11241100x80000000000000004032244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a9c826e019394c2021-12-22 12:47:28.708root 11241100x80000000000000004032245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323064a4645ddf3f2021-12-22 12:47:28.708root 11241100x80000000000000004032246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b154c864f2f3e72021-12-22 12:47:28.708root 11241100x80000000000000004032247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79669e6495213942021-12-22 12:47:28.708root 11241100x80000000000000004032248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d208711436e74f32021-12-22 12:47:28.708root 11241100x80000000000000004032249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889514fa664a459e2021-12-22 12:47:28.708root 11241100x80000000000000004032250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e80a0ee28d1db112021-12-22 12:47:28.708root 11241100x80000000000000004032251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e3ec6e274bac722021-12-22 12:47:28.708root 11241100x80000000000000004032252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc1eef6b9098f4b2021-12-22 12:47:28.708root 11241100x80000000000000004032253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a138535637b9d32021-12-22 12:47:28.709root 11241100x80000000000000004032254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb47fd8bf614f22021-12-22 12:47:28.709root 11241100x80000000000000004032255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be7489606f284c2021-12-22 12:47:28.709root 11241100x80000000000000004032256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be12979822609f7e2021-12-22 12:47:28.709root 11241100x80000000000000004032257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a65dfb81f7598a12021-12-22 12:47:28.713root 11241100x80000000000000004032258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88ba1e02a8396532021-12-22 12:47:28.713root 11241100x80000000000000004032259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90632088875e891a2021-12-22 12:47:28.713root 11241100x80000000000000004032260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1b279e6e4dbb722021-12-22 12:47:28.713root 11241100x80000000000000004032261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2cba3fb65074cc2021-12-22 12:47:28.713root 11241100x80000000000000004032262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecde0c87a88e8e32021-12-22 12:47:28.713root 11241100x80000000000000004032263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fffd4492bef20882021-12-22 12:47:28.714root 11241100x80000000000000004032264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5dabea720ee5382021-12-22 12:47:28.714root 11241100x80000000000000004032265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30edac537a63a9372021-12-22 12:47:28.714root 11241100x80000000000000004032266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67e2b5c38d83c272021-12-22 12:47:28.714root 11241100x80000000000000004032267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d532478c912529c2021-12-22 12:47:28.714root 11241100x80000000000000004032268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb02c01981406992021-12-22 12:47:28.714root 11241100x80000000000000004032269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6a1e3c8117d5012021-12-22 12:47:28.714root 11241100x80000000000000004032270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b17954005227a22021-12-22 12:47:28.714root 11241100x80000000000000004032271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc760008abb94922021-12-22 12:47:28.714root 11241100x80000000000000004032272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfb0c1727d9080c2021-12-22 12:47:28.714root 11241100x80000000000000004032273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96622af7d5333a62021-12-22 12:47:28.714root 11241100x80000000000000004032274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe258cb7804b6e42021-12-22 12:47:28.714root 11241100x80000000000000004032275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4cd2154921d6892021-12-22 12:47:28.714root 11241100x80000000000000004032276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151bc0f587226fb22021-12-22 12:47:28.714root 11241100x80000000000000004032277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9215118a03baa2b2021-12-22 12:47:28.714root 11241100x80000000000000004032278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0173eaed395ff52021-12-22 12:47:28.714root 11241100x80000000000000004032279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41cb0806528ed02021-12-22 12:47:28.715root 11241100x80000000000000004032280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd46f2b1adecf5192021-12-22 12:47:28.715root 11241100x80000000000000004032281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee687d8dab1b482021-12-22 12:47:28.715root 11241100x80000000000000004032282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e875efde2ea602021-12-22 12:47:28.717root 11241100x80000000000000004032283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a86ee0ccd711e2021-12-22 12:47:28.717root 11241100x80000000000000004032284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568a8c3d36909622021-12-22 12:47:28.717root 11241100x80000000000000004032285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa80ac4f92e5842021-12-22 12:47:28.717root 11241100x80000000000000004032286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2596faf9821695892021-12-22 12:47:28.717root 11241100x80000000000000004032287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a8731d5f1cd8a02021-12-22 12:47:28.717root 11241100x80000000000000004032288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f066ef6e11d632021-12-22 12:47:28.717root 11241100x80000000000000004032289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee0acbfe5227db2021-12-22 12:47:28.717root 11241100x80000000000000004032290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89251b37c26b312021-12-22 12:47:28.717root 11241100x80000000000000004032291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04628d52993ded162021-12-22 12:47:28.717root 11241100x80000000000000004032292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1d539ada5794e22021-12-22 12:47:28.718root 11241100x80000000000000004032293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a68d91c68cd872021-12-22 12:47:28.718root 11241100x80000000000000004032294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ad8392271a16cb2021-12-22 12:47:28.718root 11241100x80000000000000004032295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fce8e7fb1ba0c22021-12-22 12:47:28.718root 11241100x80000000000000004032296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e022c75f9d5db92021-12-22 12:47:28.718root 11241100x80000000000000004032297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f915e582b1eb80482021-12-22 12:47:28.718root 11241100x80000000000000004032298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a37c2618db2d51d2021-12-22 12:47:28.718root 11241100x80000000000000004032299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1612b4b764f8892021-12-22 12:47:28.718root 11241100x80000000000000004032300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4eade5f723fb3e2021-12-22 12:47:28.718root 11241100x80000000000000004032301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea4a9de49c472c02021-12-22 12:47:28.718root 11241100x80000000000000004032302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e4a622d0a8a5382021-12-22 12:47:28.718root 11241100x80000000000000004032303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2189354bd25ae4022021-12-22 12:47:28.718root 11241100x80000000000000004032304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875e28dfaabb10ef2021-12-22 12:47:28.718root 11241100x80000000000000004032305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eaf0c131d991422021-12-22 12:47:28.719root 11241100x80000000000000004032306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42950b57ccc45ca52021-12-22 12:47:28.719root 11241100x80000000000000004032307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19930b2fb8129292021-12-22 12:47:28.719root 11241100x80000000000000004032308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e510d76260dac4132021-12-22 12:47:28.719root 11241100x80000000000000004032309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d302eacbe7d3ca72021-12-22 12:47:28.719root 11241100x80000000000000004032310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3fbf8e541ea03c2021-12-22 12:47:28.719root 11241100x80000000000000004032311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac3c727f41eb942021-12-22 12:47:28.719root 11241100x80000000000000004032312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995632519cb769b22021-12-22 12:47:28.719root 11241100x80000000000000004032313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e53e08b76f3e7462021-12-22 12:47:28.719root 11241100x80000000000000004032314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7f3dcb335033ce2021-12-22 12:47:28.719root 11241100x80000000000000004032315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94c1ca179565d72021-12-22 12:47:28.719root 11241100x80000000000000004032316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f78a138c7b7fdf72021-12-22 12:47:28.719root 11241100x80000000000000004032317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b136edca0c3d32021-12-22 12:47:28.719root 11241100x80000000000000004032318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dcc1df12b4acc52021-12-22 12:47:28.719root 11241100x80000000000000004032319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f2afc4d52a3f6f2021-12-22 12:47:28.721root 11241100x80000000000000004032320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d79d19d06307e4a2021-12-22 12:47:28.721root 11241100x80000000000000004032321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cdcd535a9cf2542021-12-22 12:47:28.721root 11241100x80000000000000004032322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f02c42b7b00dbb2021-12-22 12:47:28.722root 11241100x80000000000000004032323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1712be5a9f0402021-12-22 12:47:28.722root 11241100x80000000000000004032324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feb330c4c4f589d2021-12-22 12:47:28.722root 11241100x80000000000000004032325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ea2bd8e6144db52021-12-22 12:47:28.722root 11241100x80000000000000004032326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5bf5fc29b574b62021-12-22 12:47:28.723root 11241100x80000000000000004032327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea19545ea12251e12021-12-22 12:47:28.723root 11241100x80000000000000004032328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b91247dad3e0c22021-12-22 12:47:28.723root 11241100x80000000000000004032329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0e1a63f97ae0e2021-12-22 12:47:28.724root 11241100x80000000000000004032330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fb2e500456cca02021-12-22 12:47:28.724root 11241100x80000000000000004032331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b168a0264446062021-12-22 12:47:28.724root 11241100x80000000000000004032332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2230c36401de8e2021-12-22 12:47:28.724root 11241100x80000000000000004032333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f8bf0e360c3332021-12-22 12:47:28.724root 11241100x80000000000000004032334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd93d0f30202f462021-12-22 12:47:28.725root 11241100x80000000000000004032335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f481ef83b657412021-12-22 12:47:28.725root 11241100x80000000000000004032336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54da1df69083805b2021-12-22 12:47:28.725root 11241100x80000000000000004032337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c315e51845a22f3f2021-12-22 12:47:28.725root 11241100x80000000000000004032338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b136cb95c0d76832021-12-22 12:47:28.725root 11241100x80000000000000004032339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2c157e455a5b6a2021-12-22 12:47:28.726root 11241100x80000000000000004032340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36c4d808618f8392021-12-22 12:47:28.726root 11241100x80000000000000004032341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a41b797856ce662021-12-22 12:47:28.726root 11241100x80000000000000004032342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e56ec2af4a32f2021-12-22 12:47:28.726root 11241100x80000000000000004032343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94acf5dc3f12be532021-12-22 12:47:28.726root 11241100x80000000000000004032344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275af4022923d8292021-12-22 12:47:28.727root 11241100x80000000000000004032345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ac018b3e6f39462021-12-22 12:47:28.727root 11241100x80000000000000004032346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b75c380b1f0da222021-12-22 12:47:28.727root 11241100x80000000000000004032347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9fb23352ca8a742021-12-22 12:47:28.728root 11241100x80000000000000004032348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:28.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145eb0bafe60a08c2021-12-22 12:47:28.728root 354300x80000000000000004032417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.146{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56918-false10.0.1.12-8000- 154100x80000000000000004032418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.367{ec2b6afe-1e72-61c3-e806-d3b0f4550000}22756/bin/ls-----ls --color=auto =l /lib/modules/5.4.0-1060-aws/kernel/drivers//home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004032419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.369{ec2b6afe-1e72-61c3-e806-d3b0f4550000}22756/bin/lsubuntu 11241100x80000000000000004032420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fe310a7d33a042021-12-22 12:47:46.442root 11241100x80000000000000004032421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2e3a41debe20b72021-12-22 12:47:46.443root 11241100x80000000000000004032422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab28490b8042802021-12-22 12:47:46.443root 11241100x80000000000000004032423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7a0620d8e7dd62021-12-22 12:47:46.942root 11241100x80000000000000004032424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43138410bf46e762021-12-22 12:47:46.943root 11241100x80000000000000004032425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1556892fccbe00b02021-12-22 12:47:46.943root 11241100x80000000000000004032426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d7cf1ff56c5b22021-12-22 12:47:47.442root 11241100x80000000000000004032427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25125c3f3201734d2021-12-22 12:47:47.443root 11241100x80000000000000004032428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a782587525878f112021-12-22 12:47:47.443root 11241100x80000000000000004032429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aeeb32ed5ddbde2021-12-22 12:47:47.942root 11241100x80000000000000004032430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22456f0739b16f452021-12-22 12:47:47.943root 11241100x80000000000000004032431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a548b98096c2ceff2021-12-22 12:47:47.943root 11241100x80000000000000004032432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a3e7029752e32b2021-12-22 12:47:48.442root 11241100x80000000000000004032433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761d2c00bb01fb82021-12-22 12:47:48.443root 11241100x80000000000000004032434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d71ed08aa98c22021-12-22 12:47:48.443root 11241100x80000000000000004032435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121f0cec7ca3fce02021-12-22 12:47:48.942root 11241100x80000000000000004032436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1b6f662c05ccf42021-12-22 12:47:48.943root 11241100x80000000000000004032437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e6a5190ee854132021-12-22 12:47:48.943root 11241100x80000000000000004032438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba10171af1e77072021-12-22 12:47:49.442root 11241100x80000000000000004032439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd8ae9beb6bdab2021-12-22 12:47:49.443root 11241100x80000000000000004032440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe8f45bc83c9a32021-12-22 12:47:49.443root 154100x80000000000000004032441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.697{ec2b6afe-1e75-61c3-e8f6-5a8b89550000}22757/bin/ls-----ls --color=auto -l /lib/modules/5.4.0-1060-aws/kernel/drivers//home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004032442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a601422f514984e82021-12-22 12:47:49.698root 11241100x80000000000000004032443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e71198df9da1eb52021-12-22 12:47:49.698root 11241100x80000000000000004032444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebcc97115411462021-12-22 12:47:49.698root 11241100x80000000000000004032445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dde419ad623d6e2021-12-22 12:47:49.699root 534500x80000000000000004032446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:49.700{ec2b6afe-1e75-61c3-e8f6-5a8b89550000}22757/bin/lsubuntu 11241100x80000000000000004032447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf8f026753c45342021-12-22 12:47:50.192root 11241100x80000000000000004032448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50006721f4582c6b2021-12-22 12:47:50.193root 11241100x80000000000000004032449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01a1ddfb02f6e0a2021-12-22 12:47:50.193root 11241100x80000000000000004032450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b3dcd39c76b4942021-12-22 12:47:50.193root 11241100x80000000000000004032451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43846f021b24542e2021-12-22 12:47:50.193root 11241100x80000000000000004032452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c105fbcadd4aef2021-12-22 12:47:50.193root 11241100x80000000000000004032453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44189d4d24f47aea2021-12-22 12:47:50.194root 11241100x80000000000000004032454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743fd4a83e55ba32021-12-22 12:47:50.692root 11241100x80000000000000004032455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92277c1970f0d5f2021-12-22 12:47:50.693root 11241100x80000000000000004032456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9bf53747120d5a2021-12-22 12:47:50.693root 11241100x80000000000000004032457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6289e624f86585012021-12-22 12:47:50.693root 11241100x80000000000000004032458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da23ae0450ca1efd2021-12-22 12:47:50.693root 354300x80000000000000004032459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56920-false10.0.1.12-8000- 11241100x80000000000000004032460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a26f8a27367dc42021-12-22 12:47:51.170root 11241100x80000000000000004032461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b75fca43d485252021-12-22 12:47:51.171root 11241100x80000000000000004032462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f039161167c06c2021-12-22 12:47:51.171root 11241100x80000000000000004032463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4521efbff99daea2021-12-22 12:47:51.171root 11241100x80000000000000004032464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672c27467e426f542021-12-22 12:47:51.171root 11241100x80000000000000004032465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417855d2987c7c542021-12-22 12:47:51.171root 11241100x80000000000000004032466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5702fb1dfc0cd0832021-12-22 12:47:51.443root 11241100x80000000000000004032467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ea8e2b5ab5a19d2021-12-22 12:47:51.443root 11241100x80000000000000004032468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e617132e61b74d1e2021-12-22 12:47:51.443root 11241100x80000000000000004032469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad687cba965d7e02021-12-22 12:47:51.443root 11241100x80000000000000004032470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6795feead9f0d2021-12-22 12:47:51.443root 11241100x80000000000000004032471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9e693054a08422021-12-22 12:47:51.443root 11241100x80000000000000004032472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acccb77df870152021-12-22 12:47:51.943root 11241100x80000000000000004032473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377cdbfa1962ab382021-12-22 12:47:51.943root 11241100x80000000000000004032474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afd379ff3bcc762021-12-22 12:47:51.943root 11241100x80000000000000004032475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5231a5d392f4af952021-12-22 12:47:51.943root 11241100x80000000000000004032476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e3cd2cd7d3e312021-12-22 12:47:51.943root 11241100x80000000000000004032477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e29efa2dab612c2021-12-22 12:47:51.943root 11241100x80000000000000004032478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945baa24d4c32aca2021-12-22 12:47:52.443root 11241100x80000000000000004032479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89192a06e5e8df02021-12-22 12:47:52.443root 11241100x80000000000000004032480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedce175a6df888b2021-12-22 12:47:52.443root 11241100x80000000000000004032481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0459b25dbaf3dd2021-12-22 12:47:52.443root 11241100x80000000000000004032482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f56127e9a5b1942021-12-22 12:47:52.443root 11241100x80000000000000004032483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73ef2be5e7697002021-12-22 12:47:52.443root 11241100x80000000000000004032484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c6746e6c760fe12021-12-22 12:47:52.943root 11241100x80000000000000004032485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9351ecdd9593ef092021-12-22 12:47:52.943root 11241100x80000000000000004032486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018009ff4bf38e192021-12-22 12:47:52.943root 11241100x80000000000000004032487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77467ec08a261ba62021-12-22 12:47:52.943root 11241100x80000000000000004032488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c0361e22c0fff2021-12-22 12:47:52.943root 11241100x80000000000000004032489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62011b35bc18f3982021-12-22 12:47:52.943root 11241100x80000000000000004032490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889bd3a91b5de4c52021-12-22 12:47:53.443root 11241100x80000000000000004032491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3ffd9bf27b56e2021-12-22 12:47:53.443root 11241100x80000000000000004032492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe632154124f1172021-12-22 12:47:53.443root 11241100x80000000000000004032493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3078c29fad4a54ff2021-12-22 12:47:53.443root 11241100x80000000000000004032494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823bfa01517312322021-12-22 12:47:53.443root 11241100x80000000000000004032495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e988272f935275d2021-12-22 12:47:53.443root 11241100x80000000000000004032496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbeff81273e7f462021-12-22 12:47:53.943root 11241100x80000000000000004032497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816c25bdd369068a2021-12-22 12:47:53.943root 11241100x80000000000000004032498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730122eff95a4a5b2021-12-22 12:47:53.943root 11241100x80000000000000004032499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0876582e3bff5a4d2021-12-22 12:47:53.943root 11241100x80000000000000004032500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab396e830a6c1d122021-12-22 12:47:53.943root 11241100x80000000000000004032501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264db2592e7f08822021-12-22 12:47:53.943root 11241100x80000000000000004032502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d00daf3daebacb62021-12-22 12:47:54.443root 11241100x80000000000000004032503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051bcf69510ca9df2021-12-22 12:47:54.443root 11241100x80000000000000004032504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e141c2568e21e62f2021-12-22 12:47:54.443root 11241100x80000000000000004032505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39ecc8f335b25712021-12-22 12:47:54.443root 11241100x80000000000000004032506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b26930b348dec3d2021-12-22 12:47:54.443root 11241100x80000000000000004032507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939b784070657582021-12-22 12:47:54.443root 11241100x80000000000000004032508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a1e4140ddf4d8b2021-12-22 12:47:54.943root 11241100x80000000000000004032509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516e1d3bd1e398b2021-12-22 12:47:54.943root 11241100x80000000000000004032510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43526338df8f0ddc2021-12-22 12:47:54.943root 11241100x80000000000000004032511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a090b77aec31ed2021-12-22 12:47:54.943root 11241100x80000000000000004032512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2e23079ab613da2021-12-22 12:47:54.943root 11241100x80000000000000004032513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c571a974372873bd2021-12-22 12:47:54.943root 11241100x80000000000000004032514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98615b88866cbb5d2021-12-22 12:47:55.444root 11241100x80000000000000004032515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999731ef33da1f1e2021-12-22 12:47:55.444root 11241100x80000000000000004032516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f90227fcf70bd2021-12-22 12:47:55.445root 11241100x80000000000000004032517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f2c5f92cf20ee2021-12-22 12:47:55.445root 11241100x80000000000000004032518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a10bd894020e3b2021-12-22 12:47:55.445root 11241100x80000000000000004032519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdab9a5796978bf2021-12-22 12:47:55.445root 11241100x80000000000000004032520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b012b1f4bb964c4e2021-12-22 12:47:55.943root 11241100x80000000000000004032521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a590f7296e554a2021-12-22 12:47:55.943root 11241100x80000000000000004032522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5098ac80fe81192021-12-22 12:47:55.943root 11241100x80000000000000004032523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a1c1b19d1279e2021-12-22 12:47:55.943root 11241100x80000000000000004032524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96243bca3c7a562021-12-22 12:47:55.943root 11241100x80000000000000004032525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5ca31e71dc686d2021-12-22 12:47:55.943root 354300x80000000000000004032526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56922-false10.0.1.12-8000- 11241100x80000000000000004032527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfa5ca56b2976ff2021-12-22 12:47:56.257root 11241100x80000000000000004032528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1124a4ffe1d792021-12-22 12:47:56.257root 11241100x80000000000000004032529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c2d3a974453c32021-12-22 12:47:56.257root 11241100x80000000000000004032530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f66c8671472ef2021-12-22 12:47:56.257root 11241100x80000000000000004032531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19197dade904c5942021-12-22 12:47:56.257root 11241100x80000000000000004032532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99510825d5e97b232021-12-22 12:47:56.258root 11241100x80000000000000004032533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfe1b1052ff74942021-12-22 12:47:56.258root 11241100x80000000000000004032534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dad1d723f91b802021-12-22 12:47:56.693root 11241100x80000000000000004032535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae0d66c03263f52021-12-22 12:47:56.693root 11241100x80000000000000004032536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa070d5d0693702021-12-22 12:47:56.693root 11241100x80000000000000004032537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ef396f0563a6a2021-12-22 12:47:56.693root 11241100x80000000000000004032538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a70af3bf64a2f2021-12-22 12:47:56.694root 11241100x80000000000000004032539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91806adb0ad847c22021-12-22 12:47:56.694root 11241100x80000000000000004032540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74743f2d084294e62021-12-22 12:47:56.694root 11241100x80000000000000004032541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c34e3c36225d2ba2021-12-22 12:47:57.193root 11241100x80000000000000004032542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fbf71b226dbacc2021-12-22 12:47:57.193root 11241100x80000000000000004032543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec5b911038bf7b2021-12-22 12:47:57.193root 11241100x80000000000000004032544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8de9872c950822021-12-22 12:47:57.193root 11241100x80000000000000004032545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6818bf51d06b4e22021-12-22 12:47:57.194root 11241100x80000000000000004032546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853bbb209cd014352021-12-22 12:47:57.194root 11241100x80000000000000004032547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b5840ce08a81c72021-12-22 12:47:57.194root 11241100x80000000000000004032548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a8761df7c8982e2021-12-22 12:47:57.693root 11241100x80000000000000004032549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4c2ca45e10da202021-12-22 12:47:57.693root 11241100x80000000000000004032550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f51dfe83954e302021-12-22 12:47:57.693root 11241100x80000000000000004032551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af7944c4ec04c2b2021-12-22 12:47:57.693root 11241100x80000000000000004032552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644f40008c188df2021-12-22 12:47:57.693root 11241100x80000000000000004032553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c787f6b5d6be5462021-12-22 12:47:57.693root 11241100x80000000000000004032554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd550bb46e89fc6c2021-12-22 12:47:57.693root 154100x80000000000000004032555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.897{ec2b6afe-1e7d-61c3-e8a6-cee97f550000}22758/bin/ls-----ls --color=auto -l /lib/modules/5.4.0-1060-aws/kernel/drivers/acpi/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004032556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:57.899{ec2b6afe-1e7d-61c3-e8a6-cee97f550000}22758/bin/lsubuntu 11241100x80000000000000004032557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802cab33afd034582021-12-22 12:47:58.193root 11241100x80000000000000004032558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f34b481faf77e2021-12-22 12:47:58.193root 11241100x80000000000000004032559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af034485f5cdabe2021-12-22 12:47:58.193root 11241100x80000000000000004032560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31c8cf0f0bc221e2021-12-22 12:47:58.193root 11241100x80000000000000004032561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c427bb030fe37782021-12-22 12:47:58.193root 11241100x80000000000000004032562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c8f58bb25962f12021-12-22 12:47:58.193root 11241100x80000000000000004032563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae2d3ee7e102c482021-12-22 12:47:58.193root 11241100x80000000000000004032564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0442268a863264602021-12-22 12:47:58.193root 11241100x80000000000000004032565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2da41abd89e3352021-12-22 12:47:58.194root 11241100x80000000000000004032566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d11649e85748f2e2021-12-22 12:47:58.693root 11241100x80000000000000004032567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ee4c0dfa6712042021-12-22 12:47:58.693root 11241100x80000000000000004032568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0810206f9d2105c2021-12-22 12:47:58.693root 11241100x80000000000000004032569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da1ff7d33962cdc2021-12-22 12:47:58.693root 11241100x80000000000000004032570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9053e5b60360b62021-12-22 12:47:58.693root 11241100x80000000000000004032571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd05e38e2c001692021-12-22 12:47:58.693root 11241100x80000000000000004032572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5520239e552175bb2021-12-22 12:47:58.693root 11241100x80000000000000004032573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3854d65df64fcb4e2021-12-22 12:47:58.693root 11241100x80000000000000004032574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78168862ae0701a2021-12-22 12:47:58.693root 11241100x80000000000000004032575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5119c2946845e62021-12-22 12:47:59.193root 11241100x80000000000000004032576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6379c980076a032021-12-22 12:47:59.193root 11241100x80000000000000004032577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b9c5da8818c0302021-12-22 12:47:59.193root 11241100x80000000000000004032578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376988f9f371c0182021-12-22 12:47:59.193root 11241100x80000000000000004032579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b034ce2267a1cc2021-12-22 12:47:59.193root 11241100x80000000000000004032580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ad6b7dd41779c22021-12-22 12:47:59.193root 11241100x80000000000000004032581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef3eb52bdefd8e2021-12-22 12:47:59.193root 11241100x80000000000000004032582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f20fa316d1e16182021-12-22 12:47:59.193root 11241100x80000000000000004032583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35418103aee9ff12021-12-22 12:47:59.193root 11241100x80000000000000004032584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a0aef858a370922021-12-22 12:47:59.693root 11241100x80000000000000004032585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428ae2cf6d1c32482021-12-22 12:47:59.693root 11241100x80000000000000004032586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfba174b92037b42021-12-22 12:47:59.693root 11241100x80000000000000004032587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d41684614bea6b2021-12-22 12:47:59.693root 11241100x80000000000000004032588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80083f69cc8725a2021-12-22 12:47:59.693root 11241100x80000000000000004032589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578dacf853c140af2021-12-22 12:47:59.693root 11241100x80000000000000004032590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df1e40d451c715f2021-12-22 12:47:59.693root 11241100x80000000000000004032591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dcd1105fad2f842021-12-22 12:47:59.693root 11241100x80000000000000004032592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099b9b035318a4db2021-12-22 12:47:59.693root 11241100x80000000000000004032593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5587cd8fd7c1d9a72021-12-22 12:48:00.193root 11241100x80000000000000004032594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3863d96e37cc1fd2021-12-22 12:48:00.193root 11241100x80000000000000004032595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b22e133870a4d692021-12-22 12:48:00.193root 11241100x80000000000000004032596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7237320cfa4cfe2021-12-22 12:48:00.193root 11241100x80000000000000004032597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe3f3ff85a39c92021-12-22 12:48:00.193root 11241100x80000000000000004032598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892806f00142c8fc2021-12-22 12:48:00.193root 11241100x80000000000000004032599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69675e3bec7fc9c92021-12-22 12:48:00.193root 11241100x80000000000000004032600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b09f340201ed4452021-12-22 12:48:00.193root 11241100x80000000000000004032601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826bd2fa01829c502021-12-22 12:48:00.193root 11241100x80000000000000004032602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52fb984646600ef2021-12-22 12:48:00.693root 11241100x80000000000000004032603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911b3823ed7db5ff2021-12-22 12:48:00.693root 11241100x80000000000000004032604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ed851af3e1845c2021-12-22 12:48:00.693root 11241100x80000000000000004032605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddfe78ec4392b6a2021-12-22 12:48:00.693root 11241100x80000000000000004032606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eea5230f63cd732021-12-22 12:48:00.693root 11241100x80000000000000004032607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebcf290ee7dfb792021-12-22 12:48:00.693root 11241100x80000000000000004032608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148da2189ff84b692021-12-22 12:48:00.693root 11241100x80000000000000004032609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f492bb0c312922021-12-22 12:48:00.693root 11241100x80000000000000004032610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ce19312d0897422021-12-22 12:48:00.693root 11241100x80000000000000004032611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7059783d9d6cf7972021-12-22 12:48:01.193root 11241100x80000000000000004032612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239b47ea1c4da6712021-12-22 12:48:01.193root 11241100x80000000000000004032613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20c76539c0b834c2021-12-22 12:48:01.193root 11241100x80000000000000004032614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7521d3b6c43cd42021-12-22 12:48:01.193root 11241100x80000000000000004032615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487dfc4112cd70f2021-12-22 12:48:01.193root 11241100x80000000000000004032616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68cc1c481af37642021-12-22 12:48:01.193root 11241100x80000000000000004032617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134b91c40fed0d82021-12-22 12:48:01.193root 11241100x80000000000000004032618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fde8396da922842021-12-22 12:48:01.193root 11241100x80000000000000004032619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddbfbccc82d013a2021-12-22 12:48:01.193root 11241100x80000000000000004032620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d5c939d00c3bb2021-12-22 12:48:01.693root 11241100x80000000000000004032621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a359210c84e3a722021-12-22 12:48:01.693root 11241100x80000000000000004032622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea662d315dafbbf2021-12-22 12:48:01.693root 11241100x80000000000000004032623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf39a906828a2352021-12-22 12:48:01.693root 11241100x80000000000000004032624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec666891f54b79c2021-12-22 12:48:01.693root 11241100x80000000000000004032625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8a23cd23cd57842021-12-22 12:48:01.693root 11241100x80000000000000004032626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3d90e4effecbae2021-12-22 12:48:01.693root 11241100x80000000000000004032627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1fe7d8c6910fd2021-12-22 12:48:01.694root 11241100x80000000000000004032628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee9f1a506b39512021-12-22 12:48:01.694root 354300x80000000000000004032629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.027{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56924-false10.0.1.12-8000- 11241100x80000000000000004032630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeac06995df36a32021-12-22 12:48:02.028root 11241100x80000000000000004032631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273f12db47f8bb72021-12-22 12:48:02.028root 11241100x80000000000000004032632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c4b6be761c03cb2021-12-22 12:48:02.028root 11241100x80000000000000004032633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0284336ab265c32021-12-22 12:48:02.029root 11241100x80000000000000004032634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeaa8fe879c59d92021-12-22 12:48:02.029root 11241100x80000000000000004032635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761f7347a6fac5e2021-12-22 12:48:02.029root 11241100x80000000000000004032636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c1f0e2db291352021-12-22 12:48:02.029root 11241100x80000000000000004032637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1db1bede23574e2021-12-22 12:48:02.029root 11241100x80000000000000004032638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42839504552aa0242021-12-22 12:48:02.029root 11241100x80000000000000004032639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41adc43696b0df092021-12-22 12:48:02.029root 11241100x80000000000000004032640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573cbb540645dcf12021-12-22 12:48:02.443root 11241100x80000000000000004032641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecfe5570c8f9d392021-12-22 12:48:02.443root 11241100x80000000000000004032642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f13fe6657396e2021-12-22 12:48:02.443root 11241100x80000000000000004032643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8f12bc1c1b2a912021-12-22 12:48:02.443root 11241100x80000000000000004032644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9811e0c602c7ad2021-12-22 12:48:02.443root 11241100x80000000000000004032645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e51d3148eaf44c2021-12-22 12:48:02.443root 11241100x80000000000000004032646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ca95c214315f72021-12-22 12:48:02.443root 11241100x80000000000000004032647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3438c7a8fe699d2021-12-22 12:48:02.443root 11241100x80000000000000004032648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278d326f5ff85bf32021-12-22 12:48:02.444root 11241100x80000000000000004032649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a523e7a5f0e852021-12-22 12:48:02.444root 11241100x80000000000000004032650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c070eca2532ec942021-12-22 12:48:02.445root 11241100x80000000000000004032651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad013e4e9a4c232021-12-22 12:48:02.445root 11241100x80000000000000004032652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97947d42d5b3a9822021-12-22 12:48:02.445root 11241100x80000000000000004032653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd714e834957eee2021-12-22 12:48:02.445root 11241100x80000000000000004032654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a757b6e066c4c4d2021-12-22 12:48:02.446root 11241100x80000000000000004032655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a53721270b55f42021-12-22 12:48:02.446root 11241100x80000000000000004032656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06c6ff735851d562021-12-22 12:48:02.446root 11241100x80000000000000004032657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c7388a1be0a932021-12-22 12:48:02.446root 11241100x80000000000000004032658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3edd7f5fc4c6c2021-12-22 12:48:02.446root 11241100x80000000000000004032659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b08de40daeb3d4a2021-12-22 12:48:02.447root 11241100x80000000000000004032660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c56165ac54bbf4c2021-12-22 12:48:02.447root 11241100x80000000000000004032661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7744337a6e7a4b2021-12-22 12:48:02.447root 11241100x80000000000000004032662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86269cc9ca38925a2021-12-22 12:48:02.943root 11241100x80000000000000004032663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfa8b50319b51bd2021-12-22 12:48:02.943root 11241100x80000000000000004032664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70965e62d611cc172021-12-22 12:48:02.943root 11241100x80000000000000004032665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfde5bfc6ce7532021-12-22 12:48:02.943root 11241100x80000000000000004032666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488d2d4c11e795f92021-12-22 12:48:02.943root 11241100x80000000000000004032667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe28834d89ba9282021-12-22 12:48:02.943root 11241100x80000000000000004032668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de9a4b1e0571bd32021-12-22 12:48:02.943root 11241100x80000000000000004032669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c61b5fe9c16aa2d2021-12-22 12:48:02.943root 11241100x80000000000000004032670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3e406c379e5fa62021-12-22 12:48:02.943root 11241100x80000000000000004032671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8e18321f6124572021-12-22 12:48:02.943root 11241100x80000000000000004032672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.122{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:48:03.122root 11241100x80000000000000004032673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ded56e6257d8062021-12-22 12:48:03.443root 11241100x80000000000000004032674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c15c57ec0f9c2e82021-12-22 12:48:03.443root 11241100x80000000000000004032675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5589c323c6a5c2021-12-22 12:48:03.443root 11241100x80000000000000004032676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e110a406c5712e642021-12-22 12:48:03.443root 11241100x80000000000000004032677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b65e9985f4052e2021-12-22 12:48:03.443root 11241100x80000000000000004032678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a724b08ef168c32021-12-22 12:48:03.443root 11241100x80000000000000004032679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986cc861386945252021-12-22 12:48:03.443root 11241100x80000000000000004032680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dac74cf783471c2021-12-22 12:48:03.443root 11241100x80000000000000004032681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab34c1f56a88a882021-12-22 12:48:03.443root 11241100x80000000000000004032682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1dae053e3927f2021-12-22 12:48:03.444root 11241100x80000000000000004032683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8155aafb13c8b32021-12-22 12:48:03.444root 11241100x80000000000000004032684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123752cafd3705d62021-12-22 12:48:03.943root 11241100x80000000000000004032685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2296fa9f7982ad32021-12-22 12:48:03.943root 11241100x80000000000000004032686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d29ab354b295852021-12-22 12:48:03.943root 11241100x80000000000000004032687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572dc12737b04892021-12-22 12:48:03.943root 11241100x80000000000000004032688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a707a8cb4aeb522021-12-22 12:48:03.943root 11241100x80000000000000004032689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb716b596d977782021-12-22 12:48:03.943root 11241100x80000000000000004032690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36e69d5975c1a5b2021-12-22 12:48:03.943root 11241100x80000000000000004032691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce82f834e151a80e2021-12-22 12:48:03.943root 11241100x80000000000000004032692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59fd34b80031c662021-12-22 12:48:03.943root 11241100x80000000000000004032693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e7f72e6eb78f72021-12-22 12:48:03.944root 11241100x80000000000000004032694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a07c09079d659362021-12-22 12:48:03.944root 11241100x80000000000000004032695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494478bd6c241db72021-12-22 12:48:04.443root 11241100x80000000000000004032696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7bad5124bbf8af2021-12-22 12:48:04.443root 11241100x80000000000000004032697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415c157a83c9f4172021-12-22 12:48:04.443root 11241100x80000000000000004032698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b813ff03292f2a572021-12-22 12:48:04.443root 11241100x80000000000000004032699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7e06701b1756782021-12-22 12:48:04.443root 11241100x80000000000000004032700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fb7ee4e92a697e2021-12-22 12:48:04.443root 11241100x80000000000000004032701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4a226b732ec4f2021-12-22 12:48:04.443root 11241100x80000000000000004032702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a27b7c3cad58842021-12-22 12:48:04.443root 11241100x80000000000000004032703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f09764f8496d372021-12-22 12:48:04.443root 11241100x80000000000000004032704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f65257ebdd948c2021-12-22 12:48:04.443root 11241100x80000000000000004032705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54039a56a12eb5c22021-12-22 12:48:04.444root 11241100x80000000000000004032706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a13083bad71b21e2021-12-22 12:48:04.942root 11241100x80000000000000004032707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91829577d59153a2021-12-22 12:48:04.943root 11241100x80000000000000004032708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42a1a48ed84cabb2021-12-22 12:48:04.943root 11241100x80000000000000004032709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d96d11c56356f202021-12-22 12:48:04.943root 11241100x80000000000000004032710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2283b2b56748ce1a2021-12-22 12:48:04.943root 11241100x80000000000000004032711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf47d76f075787c2021-12-22 12:48:04.943root 11241100x80000000000000004032712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c584a47575b27d2021-12-22 12:48:04.943root 11241100x80000000000000004032713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54b376a2ecf6c132021-12-22 12:48:04.943root 11241100x80000000000000004032714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd3b81b3d11469f2021-12-22 12:48:04.943root 11241100x80000000000000004032715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccbe23ec24911342021-12-22 12:48:04.944root 11241100x80000000000000004032716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1308781a4c80cc172021-12-22 12:48:04.944root 11241100x80000000000000004032717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f21f4e30563cd62021-12-22 12:48:05.443root 11241100x80000000000000004032718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73768d31a6f66d2021-12-22 12:48:05.443root 11241100x80000000000000004032719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b330ea8dff22922021-12-22 12:48:05.443root 11241100x80000000000000004032720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96efa8745cd7ae82021-12-22 12:48:05.443root 11241100x80000000000000004032721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2317b10802f6f4c2021-12-22 12:48:05.443root 11241100x80000000000000004032722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae67d55a0b1982c2021-12-22 12:48:05.443root 11241100x80000000000000004032723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa696eee6dd1b662021-12-22 12:48:05.443root 11241100x80000000000000004032724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4007b4c0de632f8d2021-12-22 12:48:05.444root 11241100x80000000000000004032725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba978d0d24ee732021-12-22 12:48:05.444root 11241100x80000000000000004032726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e0f027c9c2b4aa2021-12-22 12:48:05.444root 11241100x80000000000000004032727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a14951089ad93c2021-12-22 12:48:05.444root 11241100x80000000000000004032728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafa2b2d62c4ac772021-12-22 12:48:05.943root 11241100x80000000000000004032729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5f1596ae4a89162021-12-22 12:48:05.943root 11241100x80000000000000004032730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ae4e099130645e2021-12-22 12:48:05.943root 11241100x80000000000000004032731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751782ce5b9fb24c2021-12-22 12:48:05.943root 11241100x80000000000000004032732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830c536c2812e982021-12-22 12:48:05.943root 11241100x80000000000000004032733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2ae1f55b0218852021-12-22 12:48:05.943root 11241100x80000000000000004032734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346babf736b9105f2021-12-22 12:48:05.943root 11241100x80000000000000004032735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2225cd259817502021-12-22 12:48:05.943root 11241100x80000000000000004032736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e621f04a77de0a582021-12-22 12:48:05.943root 11241100x80000000000000004032737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b2b6ee59f3d9f2021-12-22 12:48:05.943root 11241100x80000000000000004032738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc49e01ca5b77502021-12-22 12:48:05.944root 23542300x80000000000000004032739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004032740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923f1e6c4c0440102021-12-22 12:48:06.443root 11241100x80000000000000004032741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb71bf9035f3eb0a2021-12-22 12:48:06.443root 11241100x80000000000000004032742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0879667c96e82bc42021-12-22 12:48:06.443root 11241100x80000000000000004032743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3244be1c4b307cf22021-12-22 12:48:06.443root 11241100x80000000000000004032744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b5b6cc13b008772021-12-22 12:48:06.443root 11241100x80000000000000004032745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3038b9fb4633c67b2021-12-22 12:48:06.443root 11241100x80000000000000004032746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e73bbfcbcad9c52021-12-22 12:48:06.443root 11241100x80000000000000004032747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eb4abdd82768302021-12-22 12:48:06.443root 11241100x80000000000000004032748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa67a47c9da79192021-12-22 12:48:06.444root 11241100x80000000000000004032749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007dccc7385b0ccc2021-12-22 12:48:06.444root 11241100x80000000000000004032750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd0620e1350d292021-12-22 12:48:06.444root 11241100x80000000000000004032751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155ecfa5bd204e62021-12-22 12:48:06.444root 11241100x80000000000000004032752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65cdd6ff8594af2021-12-22 12:48:06.943root 11241100x80000000000000004032753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15a342e94689182021-12-22 12:48:06.943root 11241100x80000000000000004032754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfcbe582616b3852021-12-22 12:48:06.943root 11241100x80000000000000004032755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8348a9b8218730a22021-12-22 12:48:06.943root 11241100x80000000000000004032756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22abe7887a584d5a2021-12-22 12:48:06.943root 11241100x80000000000000004032757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754568f7b21ff4862021-12-22 12:48:06.943root 11241100x80000000000000004032758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6122bdbfefcd1a2021-12-22 12:48:06.943root 11241100x80000000000000004032759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c7aba2410a1c6c2021-12-22 12:48:06.944root 11241100x80000000000000004032760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9986e3ba8c6dc9572021-12-22 12:48:06.944root 11241100x80000000000000004032761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38219ee76598cb062021-12-22 12:48:06.944root 11241100x80000000000000004032762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0dfd12cdc870d52021-12-22 12:48:06.944root 11241100x80000000000000004032763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc608c00a77fb60b2021-12-22 12:48:06.944root 11241100x80000000000000004032764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb42cda5a686472021-12-22 12:48:07.443root 11241100x80000000000000004032765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1850089235126cfe2021-12-22 12:48:07.443root 11241100x80000000000000004032766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242bf26e66a261b42021-12-22 12:48:07.443root 11241100x80000000000000004032767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74279c470fbb15972021-12-22 12:48:07.443root 11241100x80000000000000004032768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ae094bf68aa12a2021-12-22 12:48:07.443root 11241100x80000000000000004032769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5f83119d3854192021-12-22 12:48:07.443root 11241100x80000000000000004032770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46a82ba7506e3d2021-12-22 12:48:07.443root 11241100x80000000000000004032771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825fd87ea6d0296d2021-12-22 12:48:07.443root 11241100x80000000000000004032772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddb018cafff1d512021-12-22 12:48:07.443root 11241100x80000000000000004032773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2168ef622aed8a592021-12-22 12:48:07.443root 11241100x80000000000000004032774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85454ecae54d2de2021-12-22 12:48:07.444root 11241100x80000000000000004032775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23dc894f837b3e42021-12-22 12:48:07.444root 11241100x80000000000000004032776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5fa4df73e34bda2021-12-22 12:48:07.943root 11241100x80000000000000004032777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e62a6732b86d0ad2021-12-22 12:48:07.943root 11241100x80000000000000004032778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bac9255afef0742021-12-22 12:48:07.943root 11241100x80000000000000004032779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d22fa052e0e3982021-12-22 12:48:07.943root 11241100x80000000000000004032780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672c25c36ebe1b02021-12-22 12:48:07.943root 11241100x80000000000000004032781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33059f2a211631d2021-12-22 12:48:07.943root 11241100x80000000000000004032782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530d0f81e5e3101b2021-12-22 12:48:07.943root 11241100x80000000000000004032783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4ecd7679a82df72021-12-22 12:48:07.943root 11241100x80000000000000004032784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4093dd0bc06c9cbe2021-12-22 12:48:07.943root 11241100x80000000000000004032785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a355cec53201ded2021-12-22 12:48:07.943root 11241100x80000000000000004032786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58920e647cfed542021-12-22 12:48:07.944root 11241100x80000000000000004032787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1677b55e22a1d462021-12-22 12:48:07.944root 354300x80000000000000004032788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.023{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56926-false10.0.1.12-8000- 11241100x80000000000000004032789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d86de32343abd92021-12-22 12:48:08.443root 11241100x80000000000000004032790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da6a7682c0d4f12021-12-22 12:48:08.443root 11241100x80000000000000004032791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44044ca0752d9192021-12-22 12:48:08.444root 11241100x80000000000000004032792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf683b095897a902021-12-22 12:48:08.444root 11241100x80000000000000004032793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e23554026897552021-12-22 12:48:08.444root 11241100x80000000000000004032794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a58eddf7b2865a2021-12-22 12:48:08.445root 11241100x80000000000000004032795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39ef10113bfc6562021-12-22 12:48:08.445root 11241100x80000000000000004032796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedb889d11f5d1822021-12-22 12:48:08.447root 11241100x80000000000000004032797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eea171d66548d602021-12-22 12:48:08.448root 11241100x80000000000000004032798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8868b40e571bd32021-12-22 12:48:08.448root 11241100x80000000000000004032799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3e74603b2d6d7e2021-12-22 12:48:08.448root 11241100x80000000000000004032800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7d9609aa154402021-12-22 12:48:08.448root 11241100x80000000000000004032801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395365e3ce3166802021-12-22 12:48:08.448root 154100x80000000000000004032802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.867{ec2b6afe-1e88-61c3-507d-503c1c560000}22759/bin/kmod-----modprobe rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004032803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.868{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee3981d8146ec9a2021-12-22 12:48:08.868root 11241100x80000000000000004032804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.868{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca8606c7d53cb52021-12-22 12:48:08.868root 11241100x80000000000000004032805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.868{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac4b8eaea46750f2021-12-22 12:48:08.868root 534500x80000000000000004032806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.868{ec2b6afe-1e88-61c3-507d-503c1c560000}22759/bin/kmodubuntu 11241100x80000000000000004032807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d82fc0dd0ed442021-12-22 12:48:08.869root 11241100x80000000000000004032808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8ec90eba0d09b32021-12-22 12:48:08.869root 11241100x80000000000000004032809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e0ec93c3e08e02021-12-22 12:48:08.869root 11241100x80000000000000004032810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3e0dba197a082021-12-22 12:48:08.869root 11241100x80000000000000004032811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1d0785131f0d02021-12-22 12:48:08.869root 11241100x80000000000000004032812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405c7a765aa4d6c02021-12-22 12:48:08.869root 11241100x80000000000000004032813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.869{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7e6daaf95b04a2021-12-22 12:48:08.869root 11241100x80000000000000004032814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.870{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da330ddcd4d1ba872021-12-22 12:48:08.870root 11241100x80000000000000004032815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.870{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83761473e5b1ad822021-12-22 12:48:08.870root 11241100x80000000000000004032816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.870{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281895ff90df8b562021-12-22 12:48:08.870root 11241100x80000000000000004032817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:08.870{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa546fc1495ef4b2021-12-22 12:48:08.870root 11241100x80000000000000004032818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab361790a0ef7492021-12-22 12:48:09.193root 11241100x80000000000000004032819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c760619634e771a32021-12-22 12:48:09.193root 11241100x80000000000000004032820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9205e5f83a90982e2021-12-22 12:48:09.193root 11241100x80000000000000004032821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827fd3e90ead38402021-12-22 12:48:09.193root 11241100x80000000000000004032822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38bbc43d30928212021-12-22 12:48:09.194root 11241100x80000000000000004032823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e494cc4c021a4462021-12-22 12:48:09.194root 11241100x80000000000000004032824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3947e998737ffadf2021-12-22 12:48:09.194root 11241100x80000000000000004032825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616cec6bf5d6c4162021-12-22 12:48:09.195root 11241100x80000000000000004032826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce928e2b04cf57c12021-12-22 12:48:09.195root 11241100x80000000000000004032827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a69f4839ce1bf72021-12-22 12:48:09.195root 11241100x80000000000000004032828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c93ba86dfa1844b2021-12-22 12:48:09.195root 11241100x80000000000000004032829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8527b9f50a11122021-12-22 12:48:09.196root 11241100x80000000000000004032830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4739a5d4b4bdbf82021-12-22 12:48:09.196root 11241100x80000000000000004032831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b1c5513a5f0202021-12-22 12:48:09.196root 11241100x80000000000000004032832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7655b6227dbd602021-12-22 12:48:09.196root 11241100x80000000000000004032833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc041e6d74ebdbe82021-12-22 12:48:09.693root 11241100x80000000000000004032834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5658ae4a61294d02021-12-22 12:48:09.693root 11241100x80000000000000004032835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e294efcdce78b42021-12-22 12:48:09.693root 11241100x80000000000000004032836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58161b48a3cba3b2021-12-22 12:48:09.693root 11241100x80000000000000004032837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57764f29d1e9f5e32021-12-22 12:48:09.693root 11241100x80000000000000004032838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e367f408ff276c3e2021-12-22 12:48:09.693root 11241100x80000000000000004032839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7422a67bec63da842021-12-22 12:48:09.693root 11241100x80000000000000004032840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d2a64a0587a6382021-12-22 12:48:09.694root 11241100x80000000000000004032841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32233f6267bfe4702021-12-22 12:48:09.694root 11241100x80000000000000004032842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0880c81aaebf52021-12-22 12:48:09.694root 11241100x80000000000000004032843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dad4b6d472452692021-12-22 12:48:09.694root 11241100x80000000000000004032844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35126d7a041810112021-12-22 12:48:09.694root 11241100x80000000000000004032845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23871f0865c379452021-12-22 12:48:09.694root 11241100x80000000000000004032846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9a3250996f0ba42021-12-22 12:48:09.694root 11241100x80000000000000004032847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e43c45c86f1302021-12-22 12:48:09.695root 11241100x80000000000000004032848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e736c5109b5d4f82021-12-22 12:48:10.193root 11241100x80000000000000004032849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e6b4ecafb68ad2021-12-22 12:48:10.193root 11241100x80000000000000004032850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d964477c035af32021-12-22 12:48:10.193root 11241100x80000000000000004032851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c5d2a40cdb96242021-12-22 12:48:10.193root 11241100x80000000000000004032852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e9dfda83ceb0432021-12-22 12:48:10.193root 11241100x80000000000000004032853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb727ff5510fd3db2021-12-22 12:48:10.194root 11241100x80000000000000004032854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72004708cc36dcdb2021-12-22 12:48:10.194root 11241100x80000000000000004032855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a916e2db742a6b32021-12-22 12:48:10.194root 11241100x80000000000000004032856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c2faa1ac09bfdb2021-12-22 12:48:10.194root 11241100x80000000000000004032857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7801ed801f12492021-12-22 12:48:10.194root 11241100x80000000000000004032858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86d36e889b22ff72021-12-22 12:48:10.194root 11241100x80000000000000004032859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ca0349ee5356c62021-12-22 12:48:10.194root 11241100x80000000000000004032860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5cdbf8841aea2c2021-12-22 12:48:10.194root 11241100x80000000000000004032861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b6831afd38614c2021-12-22 12:48:10.194root 11241100x80000000000000004032862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11d69914d337c4c2021-12-22 12:48:10.194root 11241100x80000000000000004032863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66895f07f544ec5e2021-12-22 12:48:10.693root 11241100x80000000000000004032864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476f54e19213bd8c2021-12-22 12:48:10.693root 11241100x80000000000000004032865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6f5a48b287bfd32021-12-22 12:48:10.693root 11241100x80000000000000004032866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dcbb298e3f94962021-12-22 12:48:10.693root 11241100x80000000000000004032867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d51a5afc1307c2021-12-22 12:48:10.693root 11241100x80000000000000004032868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce326a58822cfc2021-12-22 12:48:10.693root 11241100x80000000000000004032869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce060edb26df5b332021-12-22 12:48:10.693root 11241100x80000000000000004032870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21361d7b2c0acfb32021-12-22 12:48:10.693root 11241100x80000000000000004032871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e159ad4aad16a52021-12-22 12:48:10.694root 11241100x80000000000000004032872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4ab58ef545d4352021-12-22 12:48:10.694root 11241100x80000000000000004032873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e86469088fe8e762021-12-22 12:48:10.694root 11241100x80000000000000004032874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b7267b22d37cfe2021-12-22 12:48:10.694root 11241100x80000000000000004032875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f20935175af75f2021-12-22 12:48:10.694root 11241100x80000000000000004032876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dd58710efb1e2c2021-12-22 12:48:10.694root 11241100x80000000000000004032877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e5571ac13fcc3f2021-12-22 12:48:10.694root 11241100x80000000000000004032878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5332aa2cf2c673082021-12-22 12:48:11.193root 11241100x80000000000000004032879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9d09f9114dd9a42021-12-22 12:48:11.193root 11241100x80000000000000004032880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f05bc0880641f6b2021-12-22 12:48:11.193root 11241100x80000000000000004032881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ae0d62e71bc0862021-12-22 12:48:11.193root 11241100x80000000000000004032882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869a21abed1fa41e2021-12-22 12:48:11.193root 11241100x80000000000000004032883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19e2215683ee7262021-12-22 12:48:11.193root 11241100x80000000000000004032884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a24bf23ee6b4ef62021-12-22 12:48:11.193root 11241100x80000000000000004032885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceac277df026fc712021-12-22 12:48:11.194root 11241100x80000000000000004032886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902750becb7614ef2021-12-22 12:48:11.194root 11241100x80000000000000004032887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d1271200211e62021-12-22 12:48:11.194root 11241100x80000000000000004032888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6e1b985d3122382021-12-22 12:48:11.194root 11241100x80000000000000004032889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481115b62e67449a2021-12-22 12:48:11.194root 11241100x80000000000000004032890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00223cecf3a7ddf2021-12-22 12:48:11.194root 11241100x80000000000000004032891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e60d689e1432522021-12-22 12:48:11.194root 11241100x80000000000000004032892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670406ad1fa1c5fb2021-12-22 12:48:11.194root 11241100x80000000000000004032893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ba2781943d3bf82021-12-22 12:48:11.693root 11241100x80000000000000004032894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5027845034a2f32021-12-22 12:48:11.693root 11241100x80000000000000004032895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da91b302eee887162021-12-22 12:48:11.693root 11241100x80000000000000004032896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ebdc406b0d394d2021-12-22 12:48:11.693root 11241100x80000000000000004032897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f1b8c7ffee7e012021-12-22 12:48:11.693root 11241100x80000000000000004032898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04410b548ffd85b52021-12-22 12:48:11.693root 11241100x80000000000000004032899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932023068fca28692021-12-22 12:48:11.694root 11241100x80000000000000004032900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeaf3b88d9c5b4d2021-12-22 12:48:11.694root 11241100x80000000000000004032901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1279ee0ef68952021-12-22 12:48:11.694root 11241100x80000000000000004032902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e11c424633d8df2021-12-22 12:48:11.694root 11241100x80000000000000004032903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e432de6878c4dc2021-12-22 12:48:11.694root 11241100x80000000000000004032904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc15676f5b2d4e002021-12-22 12:48:11.694root 11241100x80000000000000004032905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2363d392d59ff6eb2021-12-22 12:48:11.694root 11241100x80000000000000004032906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b94e401758d5862021-12-22 12:48:11.694root 11241100x80000000000000004032907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dda170fa3587b12021-12-22 12:48:11.695root 11241100x80000000000000004032908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3b0594f1dcbe02021-12-22 12:48:12.193root 11241100x80000000000000004032909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484aefd38ea9fc682021-12-22 12:48:12.193root 11241100x80000000000000004032910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eea129e1cf53852021-12-22 12:48:12.193root 11241100x80000000000000004032911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fe77a731b3b112021-12-22 12:48:12.193root 11241100x80000000000000004032912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b55292134adc22021-12-22 12:48:12.193root 11241100x80000000000000004032913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a7a888de41f0d72021-12-22 12:48:12.193root 11241100x80000000000000004032914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e79ceead00ccad32021-12-22 12:48:12.193root 11241100x80000000000000004032915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dc7c6f90ff8d442021-12-22 12:48:12.194root 11241100x80000000000000004032916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607c38660042d16f2021-12-22 12:48:12.194root 11241100x80000000000000004032917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45e8aee4ca318472021-12-22 12:48:12.194root 11241100x80000000000000004032918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11175fc1c7cd52f62021-12-22 12:48:12.194root 11241100x80000000000000004032919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d56196e90bae92021-12-22 12:48:12.194root 11241100x80000000000000004032920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afebb9f87787cc62021-12-22 12:48:12.194root 11241100x80000000000000004032921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf9354def5ff8e22021-12-22 12:48:12.194root 11241100x80000000000000004032922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3a52d417e7851f2021-12-22 12:48:12.194root 11241100x80000000000000004032923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f933d139c269a862021-12-22 12:48:12.693root 11241100x80000000000000004032924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c01c175b708532021-12-22 12:48:12.693root 11241100x80000000000000004032925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f9342310d6a1b32021-12-22 12:48:12.693root 11241100x80000000000000004032926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221fab00541dbeaf2021-12-22 12:48:12.693root 11241100x80000000000000004032927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b07bffd04594ad2021-12-22 12:48:12.693root 11241100x80000000000000004032928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e04e2e3278548d2021-12-22 12:48:12.693root 11241100x80000000000000004032929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81581e7fabef53032021-12-22 12:48:12.693root 11241100x80000000000000004032930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf03137cbc6cbbd2021-12-22 12:48:12.693root 11241100x80000000000000004032931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481a9516f15e29a2021-12-22 12:48:12.694root 11241100x80000000000000004032932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57f7731bb43bb72021-12-22 12:48:12.694root 11241100x80000000000000004032933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72556bca0ce7492021-12-22 12:48:12.694root 11241100x80000000000000004032934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051de8d0e2b0414e2021-12-22 12:48:12.694root 11241100x80000000000000004032935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70cc5409edeaf32021-12-22 12:48:12.694root 11241100x80000000000000004032936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a35e4d84db56d3a2021-12-22 12:48:12.694root 11241100x80000000000000004032937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5314e18c5d3835622021-12-22 12:48:12.694root 354300x80000000000000004032938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.109{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56928-false10.0.1.12-8000- 11241100x80000000000000004032939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc0ffb57fcafb92021-12-22 12:48:13.110root 11241100x80000000000000004032940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c71bc02d6c37212021-12-22 12:48:13.110root 11241100x80000000000000004032941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd541159c5ba50e72021-12-22 12:48:13.110root 11241100x80000000000000004032942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e328bbcdddf389a2021-12-22 12:48:13.110root 11241100x80000000000000004032943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be9cde2ed6a9d5e2021-12-22 12:48:13.111root 11241100x80000000000000004032944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f952029aeac380152021-12-22 12:48:13.111root 11241100x80000000000000004032945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e1bf97ef511182021-12-22 12:48:13.111root 11241100x80000000000000004032946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7351dc8e1766112021-12-22 12:48:13.111root 11241100x80000000000000004032947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99044986456373592021-12-22 12:48:13.111root 11241100x80000000000000004032948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104165886064131f2021-12-22 12:48:13.111root 11241100x80000000000000004032949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5623cf874ee612352021-12-22 12:48:13.111root 11241100x80000000000000004032950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87946bf3f231212a2021-12-22 12:48:13.111root 11241100x80000000000000004032951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a3d328631c80452021-12-22 12:48:13.111root 11241100x80000000000000004032952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6040172c6b1349c52021-12-22 12:48:13.111root 11241100x80000000000000004032953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d817d5b20c55d0f2021-12-22 12:48:13.111root 11241100x80000000000000004032954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f74fadd776685b2021-12-22 12:48:13.112root 11241100x80000000000000004032955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ae4c6d9ab5f552021-12-22 12:48:13.443root 11241100x80000000000000004032956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f375d7a5a8eab812021-12-22 12:48:13.443root 11241100x80000000000000004032957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ccaf99cddd82052021-12-22 12:48:13.443root 11241100x80000000000000004032958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3fc77fbdae14a62021-12-22 12:48:13.443root 11241100x80000000000000004032959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d08367f6a388022021-12-22 12:48:13.443root 11241100x80000000000000004032960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c94dd65b0072c12021-12-22 12:48:13.443root 11241100x80000000000000004032961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1867f469a06ae02021-12-22 12:48:13.444root 11241100x80000000000000004032962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de01013e1896eb722021-12-22 12:48:13.444root 11241100x80000000000000004032963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5801edccc5bd822021-12-22 12:48:13.444root 11241100x80000000000000004032964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c2c4a0b9b7599e2021-12-22 12:48:13.444root 11241100x80000000000000004032965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290cef481d00b692021-12-22 12:48:13.444root 11241100x80000000000000004032966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa83376d8f7c8d2021-12-22 12:48:13.444root 11241100x80000000000000004032967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b28c6d63a8d9ad2021-12-22 12:48:13.445root 11241100x80000000000000004032968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97049d4bcab40a562021-12-22 12:48:13.445root 11241100x80000000000000004032969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bbf6a27795d3ff2021-12-22 12:48:13.445root 11241100x80000000000000004032970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00647b1bb2e49af22021-12-22 12:48:13.445root 11241100x80000000000000004032971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f37300a2dccaae2021-12-22 12:48:13.943root 11241100x80000000000000004032972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b924e65928f6b7422021-12-22 12:48:13.943root 11241100x80000000000000004032973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b82f4461cae3f82021-12-22 12:48:13.943root 11241100x80000000000000004032974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f07fbd3fac6302021-12-22 12:48:13.943root 11241100x80000000000000004032975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f0946d04a39052021-12-22 12:48:13.943root 11241100x80000000000000004032976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f45d4f00661f762021-12-22 12:48:13.943root 11241100x80000000000000004032977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de51cea229f4222021-12-22 12:48:13.944root 11241100x80000000000000004032978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a68f1865b887402021-12-22 12:48:13.944root 11241100x80000000000000004032979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75797f4ba36a7512021-12-22 12:48:13.944root 11241100x80000000000000004032980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a933804a6dc912021-12-22 12:48:13.944root 11241100x80000000000000004032981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6815837a88a15f2021-12-22 12:48:13.944root 11241100x80000000000000004032982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77466a6dc657c82021-12-22 12:48:13.944root 11241100x80000000000000004032983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e3ff39b5d03b82021-12-22 12:48:13.944root 11241100x80000000000000004032984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd415c3cf0ae4e5e2021-12-22 12:48:13.944root 11241100x80000000000000004032985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afa07ba50fa3c252021-12-22 12:48:13.944root 11241100x80000000000000004032986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab2b22d647f6ea32021-12-22 12:48:13.944root 11241100x80000000000000004032987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f560b5dda24178982021-12-22 12:48:14.443root 11241100x80000000000000004032988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e642b652871ec22021-12-22 12:48:14.443root 11241100x80000000000000004032989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a44b18f21dcb9c2021-12-22 12:48:14.443root 11241100x80000000000000004032990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8291fc54a08bcfad2021-12-22 12:48:14.443root 11241100x80000000000000004032991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a51cda923f23d82021-12-22 12:48:14.443root 11241100x80000000000000004032992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881fc96997bf92b22021-12-22 12:48:14.443root 11241100x80000000000000004032993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5010a01336f84d2021-12-22 12:48:14.443root 11241100x80000000000000004032994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d7482f7d8a57dd2021-12-22 12:48:14.444root 11241100x80000000000000004032995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff748550348877ae2021-12-22 12:48:14.444root 11241100x80000000000000004032996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e190be3d05f5052021-12-22 12:48:14.444root 11241100x80000000000000004032997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9212384cebe0047c2021-12-22 12:48:14.444root 11241100x80000000000000004032998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b71e2c7877c1b2021-12-22 12:48:14.444root 11241100x80000000000000004032999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b3b4135a7bcc612021-12-22 12:48:14.444root 11241100x80000000000000004033000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede3ed87e1a692502021-12-22 12:48:14.444root 11241100x80000000000000004033001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4209bd48cdb3892021-12-22 12:48:14.444root 11241100x80000000000000004033002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f72bdf58ce59e32021-12-22 12:48:14.444root 11241100x80000000000000004033003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e8ae0a33d650d82021-12-22 12:48:14.943root 11241100x80000000000000004033004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3333455bbf6ba9262021-12-22 12:48:14.943root 11241100x80000000000000004033005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de6d4c31bdd9a02021-12-22 12:48:14.943root 11241100x80000000000000004033006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e44ebcf6ac9e4a22021-12-22 12:48:14.943root 11241100x80000000000000004033007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8849d247147ddb2b2021-12-22 12:48:14.944root 11241100x80000000000000004033008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee623565009f560f2021-12-22 12:48:14.944root 11241100x80000000000000004033009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df1ec60f03738c82021-12-22 12:48:14.944root 11241100x80000000000000004033010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611d9104c9863732021-12-22 12:48:14.944root 11241100x80000000000000004033011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb0ed60c0738ead2021-12-22 12:48:14.944root 11241100x80000000000000004033012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4afd60695bbc842021-12-22 12:48:14.944root 11241100x80000000000000004033013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c2cf3d6383d39f2021-12-22 12:48:14.944root 11241100x80000000000000004033014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db16fe66e0ccd4832021-12-22 12:48:14.944root 11241100x80000000000000004033015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d22c0b20f906c2021-12-22 12:48:14.944root 11241100x80000000000000004033016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f86093feb3dfe12021-12-22 12:48:14.944root 11241100x80000000000000004033017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbe395bd4ea679f2021-12-22 12:48:14.945root 11241100x80000000000000004033018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83095ded2ad54592021-12-22 12:48:14.945root 11241100x80000000000000004033019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcccb92cd879af272021-12-22 12:48:15.443root 11241100x80000000000000004033020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066579e2d89133932021-12-22 12:48:15.443root 11241100x80000000000000004033021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4103f744b77729052021-12-22 12:48:15.443root 11241100x80000000000000004033022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c385b65d041dd412021-12-22 12:48:15.443root 11241100x80000000000000004033023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3872190023fae8692021-12-22 12:48:15.443root 11241100x80000000000000004033024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa02d644ea2a2a122021-12-22 12:48:15.443root 11241100x80000000000000004033025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8ef2cba5243afb2021-12-22 12:48:15.443root 11241100x80000000000000004033026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8836b0413215a62021-12-22 12:48:15.444root 11241100x80000000000000004033027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6d14ee17315a032021-12-22 12:48:15.444root 11241100x80000000000000004033028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d7ba77c0ae86902021-12-22 12:48:15.444root 11241100x80000000000000004033029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a40b8441f245c62021-12-22 12:48:15.444root 11241100x80000000000000004033030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8732a679a2aefca2021-12-22 12:48:15.444root 11241100x80000000000000004033031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebc18b057cac8d2021-12-22 12:48:15.444root 11241100x80000000000000004033032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d681e8c992037a382021-12-22 12:48:15.444root 11241100x80000000000000004033033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f218bf390c2f5b2021-12-22 12:48:15.444root 11241100x80000000000000004033034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c57fda7a2d853562021-12-22 12:48:15.444root 11241100x80000000000000004033035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf419f782c9904482021-12-22 12:48:15.943root 11241100x80000000000000004033036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2147e84f5e1d8512021-12-22 12:48:15.943root 11241100x80000000000000004033037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d70d7531eddaf82021-12-22 12:48:15.943root 11241100x80000000000000004033038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b058baaae20a6c32021-12-22 12:48:15.943root 11241100x80000000000000004033039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71755084fad8cbe02021-12-22 12:48:15.943root 11241100x80000000000000004033040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee82bf5be0fa0ca12021-12-22 12:48:15.943root 11241100x80000000000000004033041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19e805092532802021-12-22 12:48:15.943root 11241100x80000000000000004033042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a34a4152e836c82021-12-22 12:48:15.943root 11241100x80000000000000004033043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1711a78ce5158042021-12-22 12:48:15.944root 11241100x80000000000000004033044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66659e30529a50c2021-12-22 12:48:15.944root 11241100x80000000000000004033045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f8919c2d80d89b2021-12-22 12:48:15.944root 11241100x80000000000000004033046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aa5e660d0c7e942021-12-22 12:48:15.944root 11241100x80000000000000004033047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64f98d124c0341a2021-12-22 12:48:15.944root 11241100x80000000000000004033048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad0a69fa07deec2021-12-22 12:48:15.944root 11241100x80000000000000004033049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994e9d20c3fcf7962021-12-22 12:48:15.944root 11241100x80000000000000004033050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85aeb0b1adaa2772021-12-22 12:48:15.944root 11241100x80000000000000004033051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce74b7ad932210c2021-12-22 12:48:16.443root 11241100x80000000000000004033052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847f0bb1dd47c7962021-12-22 12:48:16.443root 11241100x80000000000000004033053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1efa75cb259c4a2021-12-22 12:48:16.443root 11241100x80000000000000004033054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe74ef7eaee04622021-12-22 12:48:16.443root 11241100x80000000000000004033055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad6df5cbdf48692021-12-22 12:48:16.443root 11241100x80000000000000004033056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc77cab77b7ad1b92021-12-22 12:48:16.443root 11241100x80000000000000004033057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3f9048496fdc82021-12-22 12:48:16.443root 11241100x80000000000000004033058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4659a84d2ee79f6e2021-12-22 12:48:16.444root 11241100x80000000000000004033059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94814665645975402021-12-22 12:48:16.444root 11241100x80000000000000004033060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e266957dc12e72021-12-22 12:48:16.444root 11241100x80000000000000004033061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f5d5dd065421752021-12-22 12:48:16.444root 11241100x80000000000000004033062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe1a202113fb332021-12-22 12:48:16.444root 11241100x80000000000000004033063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb6aa5e5b9beeb42021-12-22 12:48:16.444root 11241100x80000000000000004033064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d049833091859c2021-12-22 12:48:16.444root 11241100x80000000000000004033065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f458e1f642b11d2021-12-22 12:48:16.444root 11241100x80000000000000004033066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c675137eee8308dc2021-12-22 12:48:16.444root 11241100x80000000000000004033067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efc47e8e4a05a592021-12-22 12:48:16.943root 11241100x80000000000000004033068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a5a38d740153fb2021-12-22 12:48:16.943root 11241100x80000000000000004033069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d843812ac3ea62021-12-22 12:48:16.943root 11241100x80000000000000004033070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45396b83dc359e532021-12-22 12:48:16.943root 11241100x80000000000000004033071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8276dc380a0e3a2021-12-22 12:48:16.943root 11241100x80000000000000004033072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adab14da1ea7d6b2021-12-22 12:48:16.943root 11241100x80000000000000004033073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b77bab54bce2ac2021-12-22 12:48:16.943root 11241100x80000000000000004033074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753946cec13a436f2021-12-22 12:48:16.944root 11241100x80000000000000004033075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6431b828050fbcbe2021-12-22 12:48:16.944root 11241100x80000000000000004033076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2b0cd539b1eb0c2021-12-22 12:48:16.944root 11241100x80000000000000004033077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ccd010adca1092021-12-22 12:48:16.944root 11241100x80000000000000004033078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890e7444bf4e1eee2021-12-22 12:48:16.944root 11241100x80000000000000004033079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03bcc0c54ac70f2021-12-22 12:48:16.944root 11241100x80000000000000004033080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b07199fbd2d0052021-12-22 12:48:16.944root 11241100x80000000000000004033081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca69154b23586dd52021-12-22 12:48:16.944root 11241100x80000000000000004033082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a329ca49b7ca0042021-12-22 12:48:16.944root 11241100x80000000000000004033083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13012563d38432722021-12-22 12:48:17.443root 11241100x80000000000000004033084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e36aec51b33e4332021-12-22 12:48:17.443root 11241100x80000000000000004033085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0970b5985ab5d602021-12-22 12:48:17.443root 11241100x80000000000000004033086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e939fe6ecf0a4372021-12-22 12:48:17.443root 11241100x80000000000000004033087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40373883c3d9e1302021-12-22 12:48:17.443root 11241100x80000000000000004033088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa846a5fe5d9ff2021-12-22 12:48:17.443root 11241100x80000000000000004033089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8066058248f13eda2021-12-22 12:48:17.443root 11241100x80000000000000004033090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1eb605203c10d52021-12-22 12:48:17.444root 11241100x80000000000000004033091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe8c090a9f2463c2021-12-22 12:48:17.444root 11241100x80000000000000004033092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4531fad7e856ff2021-12-22 12:48:17.444root 11241100x80000000000000004033093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35e56fffa6a272f2021-12-22 12:48:17.444root 11241100x80000000000000004033094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b764f472a7123e232021-12-22 12:48:17.444root 11241100x80000000000000004033095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7af429e30d92282021-12-22 12:48:17.444root 11241100x80000000000000004033096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d35c9bbc122562021-12-22 12:48:17.444root 11241100x80000000000000004033097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697cfe9207d6418a2021-12-22 12:48:17.444root 11241100x80000000000000004033098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2841ae5cb92dfc2021-12-22 12:48:17.444root 11241100x80000000000000004033099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733032775849d7f72021-12-22 12:48:17.942root 11241100x80000000000000004033100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a42730439fe4ed12021-12-22 12:48:17.943root 11241100x80000000000000004033101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f3528f22bed1242021-12-22 12:48:17.943root 11241100x80000000000000004033102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdae9830235ce90a2021-12-22 12:48:17.943root 11241100x80000000000000004033103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6b3ef0de90c1752021-12-22 12:48:17.943root 11241100x80000000000000004033104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bb320bf6c12dc72021-12-22 12:48:17.943root 11241100x80000000000000004033105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7e00f5cbd9a102021-12-22 12:48:17.943root 11241100x80000000000000004033106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a9795e387b30422021-12-22 12:48:17.943root 11241100x80000000000000004033107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5772b019176aac12021-12-22 12:48:17.943root 11241100x80000000000000004033108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c18be6de35c51a2021-12-22 12:48:17.943root 11241100x80000000000000004033109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e1c6d125b77772021-12-22 12:48:17.943root 11241100x80000000000000004033110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4fcb02400bcfc52021-12-22 12:48:17.943root 11241100x80000000000000004033111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d47be75e548b032021-12-22 12:48:17.944root 11241100x80000000000000004033112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1306abf0803f5542021-12-22 12:48:17.944root 11241100x80000000000000004033113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa535f44d1b93a742021-12-22 12:48:17.944root 11241100x80000000000000004033114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ce6c985cab8e932021-12-22 12:48:17.944root 354300x80000000000000004033115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.204{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56930-false10.0.1.12-8000- 11241100x80000000000000004033116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45152ea528d2f5132021-12-22 12:48:18.205root 11241100x80000000000000004033117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3410de9db3dc896e2021-12-22 12:48:18.205root 11241100x80000000000000004033118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b2afa6b877edd2021-12-22 12:48:18.206root 11241100x80000000000000004033119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a5cc537c33d4d2021-12-22 12:48:18.206root 11241100x80000000000000004033120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4e56bd796296e2021-12-22 12:48:18.206root 11241100x80000000000000004033121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e19b2d1e1e0252021-12-22 12:48:18.206root 11241100x80000000000000004033122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67d09d6b52f0692021-12-22 12:48:18.206root 11241100x80000000000000004033123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9084e6987ce462021-12-22 12:48:18.206root 11241100x80000000000000004033124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb2ba0b8e447e02021-12-22 12:48:18.206root 11241100x80000000000000004033125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd93ad040b5066e82021-12-22 12:48:18.206root 11241100x80000000000000004033126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872c24be6c3b8c1f2021-12-22 12:48:18.206root 11241100x80000000000000004033127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9662a92677efaf2021-12-22 12:48:18.206root 11241100x80000000000000004033128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af81966b2ff05152021-12-22 12:48:18.206root 11241100x80000000000000004033129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c517f4a108e83a6f2021-12-22 12:48:18.207root 11241100x80000000000000004033130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b28c5e116a51f152021-12-22 12:48:18.207root 11241100x80000000000000004033131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ef33c0df81e7f2021-12-22 12:48:18.207root 11241100x80000000000000004033132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3c4e3f6473d6442021-12-22 12:48:18.207root 11241100x80000000000000004033133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a02b4d7df0f0642021-12-22 12:48:18.692root 11241100x80000000000000004033134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b8681261272fd2021-12-22 12:48:18.693root 11241100x80000000000000004033135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a84312d0e432112021-12-22 12:48:18.693root 11241100x80000000000000004033136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fa41fcb3f067552021-12-22 12:48:18.693root 11241100x80000000000000004033137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2618a70773cbbf2021-12-22 12:48:18.693root 11241100x80000000000000004033138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6d761d9fd968932021-12-22 12:48:18.693root 11241100x80000000000000004033139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ac7ccd0b737db2021-12-22 12:48:18.694root 11241100x80000000000000004033140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e17ba6d49033df2021-12-22 12:48:18.694root 11241100x80000000000000004033141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625e899c400be402021-12-22 12:48:18.694root 11241100x80000000000000004033142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc5d7a2dca78742021-12-22 12:48:18.695root 11241100x80000000000000004033143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408752c2491b29e12021-12-22 12:48:18.695root 11241100x80000000000000004033144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b70ef9c0ff71072021-12-22 12:48:18.696root 11241100x80000000000000004033145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288f926c5117a7f2021-12-22 12:48:18.696root 11241100x80000000000000004033146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f944bb5ded9c4d3d2021-12-22 12:48:18.696root 11241100x80000000000000004033147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c133c2937124032021-12-22 12:48:18.697root 11241100x80000000000000004033148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377eb19b40101872021-12-22 12:48:18.697root 11241100x80000000000000004033149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9eebf5b6ad46ae72021-12-22 12:48:18.697root 11241100x80000000000000004033150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e16a4266b023af2021-12-22 12:48:18.697root 11241100x80000000000000004033151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22814e08cfe8861f2021-12-22 12:48:18.698root 11241100x80000000000000004033152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf81e79d86015ddd2021-12-22 12:48:18.698root 11241100x80000000000000004033153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f15d83bc849282e2021-12-22 12:48:18.698root 11241100x80000000000000004033154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ab74c8f70c4dcf2021-12-22 12:48:18.699root 11241100x80000000000000004033155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3acd3cab56b642021-12-22 12:48:19.193root 11241100x80000000000000004033156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc815745b47b6802021-12-22 12:48:19.193root 11241100x80000000000000004033157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ebdae101439a72021-12-22 12:48:19.193root 11241100x80000000000000004033158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c5d49104fce63d2021-12-22 12:48:19.194root 11241100x80000000000000004033159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9aa71c6b03b55e2021-12-22 12:48:19.194root 11241100x80000000000000004033160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babfdb809ae5bf132021-12-22 12:48:19.194root 11241100x80000000000000004033161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d25e51e71e088db2021-12-22 12:48:19.194root 11241100x80000000000000004033162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eda3ebe23b51692021-12-22 12:48:19.195root 11241100x80000000000000004033163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85f148e3e7a64d2021-12-22 12:48:19.195root 11241100x80000000000000004033164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67323b97ab5c04c12021-12-22 12:48:19.195root 11241100x80000000000000004033165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8625ceeb3e2e82052021-12-22 12:48:19.195root 11241100x80000000000000004033166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9feacca30dfd52e2021-12-22 12:48:19.195root 11241100x80000000000000004033167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee346b02a07b43952021-12-22 12:48:19.196root 11241100x80000000000000004033168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c836421b1f81c72021-12-22 12:48:19.196root 11241100x80000000000000004033169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd1f93f8a66bbf2021-12-22 12:48:19.196root 11241100x80000000000000004033170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96532075da8007142021-12-22 12:48:19.196root 11241100x80000000000000004033171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ffaf67da3a44e2021-12-22 12:48:19.196root 11241100x80000000000000004033172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d52e6fab919e7b72021-12-22 12:48:19.693root 11241100x80000000000000004033173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7e2f9a0e547ad2021-12-22 12:48:19.693root 11241100x80000000000000004033174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af22ed8f081b87a72021-12-22 12:48:19.693root 11241100x80000000000000004033175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e677c3ece5bde4f2021-12-22 12:48:19.693root 11241100x80000000000000004033176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d3a0b172472942021-12-22 12:48:19.693root 11241100x80000000000000004033177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0206b106dc54e872021-12-22 12:48:19.693root 11241100x80000000000000004033178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7feaa516e61107c2021-12-22 12:48:19.693root 11241100x80000000000000004033179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8008fb95973e2ab2021-12-22 12:48:19.694root 11241100x80000000000000004033180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b5bbb9fb1afb02021-12-22 12:48:19.694root 11241100x80000000000000004033181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4b34eed9a78b462021-12-22 12:48:19.694root 11241100x80000000000000004033182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb74ae0317492132021-12-22 12:48:19.694root 11241100x80000000000000004033183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f757d8eca473692021-12-22 12:48:19.694root 11241100x80000000000000004033184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9a50efc2a4ea752021-12-22 12:48:19.694root 11241100x80000000000000004033185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9450259e12919c2021-12-22 12:48:19.694root 11241100x80000000000000004033186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc22d580ee6f04e2021-12-22 12:48:19.694root 11241100x80000000000000004033187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffcb90d285270d12021-12-22 12:48:19.694root 11241100x80000000000000004033188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44accae87b0e41db2021-12-22 12:48:19.694root 11241100x80000000000000004033189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3701bcf69fd2a83d2021-12-22 12:48:20.195root 11241100x80000000000000004033190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f791b60b69c09afd2021-12-22 12:48:20.195root 11241100x80000000000000004033191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4ad428effa48942021-12-22 12:48:20.195root 11241100x80000000000000004033192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc3a79f9f6a5e72021-12-22 12:48:20.195root 11241100x80000000000000004033193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b5efb2a1928582021-12-22 12:48:20.195root 11241100x80000000000000004033194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb116517e82a34d2021-12-22 12:48:20.195root 11241100x80000000000000004033195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a18393b5b76dfb2021-12-22 12:48:20.195root 11241100x80000000000000004033196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0662a560c8a0242021-12-22 12:48:20.195root 11241100x80000000000000004033197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0119f81e18167e12021-12-22 12:48:20.196root 11241100x80000000000000004033198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4161e20f34b3e1282021-12-22 12:48:20.196root 11241100x80000000000000004033199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e065fca6cf21f24b2021-12-22 12:48:20.196root 11241100x80000000000000004033200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0390b63b5ca9cf262021-12-22 12:48:20.196root 11241100x80000000000000004033201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83717a6a4df74e182021-12-22 12:48:20.196root 11241100x80000000000000004033202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d1e65ff349b872021-12-22 12:48:20.196root 11241100x80000000000000004033203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de6c14d3fce5c012021-12-22 12:48:20.196root 11241100x80000000000000004033204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771f2a688584a7f2021-12-22 12:48:20.196root 11241100x80000000000000004033205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175dc932f6cb3e4c2021-12-22 12:48:20.196root 11241100x80000000000000004033206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df99d934803d26242021-12-22 12:48:20.693root 11241100x80000000000000004033207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f019473fa1d13452021-12-22 12:48:20.693root 11241100x80000000000000004033208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600718ea983b86832021-12-22 12:48:20.693root 11241100x80000000000000004033209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27174521eec257082021-12-22 12:48:20.693root 11241100x80000000000000004033210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde9e406aee6c5c32021-12-22 12:48:20.693root 11241100x80000000000000004033211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17c6898676d1bca2021-12-22 12:48:20.694root 11241100x80000000000000004033212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56884616b04b6f912021-12-22 12:48:20.694root 11241100x80000000000000004033213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02af3020b242c2d2021-12-22 12:48:20.694root 11241100x80000000000000004033214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdbb04f1cfc718a2021-12-22 12:48:20.694root 11241100x80000000000000004033215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca595aef61bb2dd2021-12-22 12:48:20.694root 11241100x80000000000000004033216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc727be054a413732021-12-22 12:48:20.694root 11241100x80000000000000004033217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e53e5d5ad737fb2021-12-22 12:48:20.694root 11241100x80000000000000004033218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01df7889740c9b52021-12-22 12:48:20.694root 11241100x80000000000000004033219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf4f965f4b79a6b2021-12-22 12:48:20.694root 11241100x80000000000000004033220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05969f75069a241a2021-12-22 12:48:20.694root 11241100x80000000000000004033221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae2f44ae7dbf1a2021-12-22 12:48:20.694root 11241100x80000000000000004033222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67455c05499026e32021-12-22 12:48:20.694root 11241100x80000000000000004033223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b7aef212a5ae2e2021-12-22 12:48:21.193root 11241100x80000000000000004033224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41653097db86f57d2021-12-22 12:48:21.193root 11241100x80000000000000004033225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df1d7c4a65e2a42021-12-22 12:48:21.193root 11241100x80000000000000004033226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f603224a12733522021-12-22 12:48:21.194root 11241100x80000000000000004033227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c2ac6cedf9ebc42021-12-22 12:48:21.194root 11241100x80000000000000004033228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b9449ba5ea2a172021-12-22 12:48:21.194root 11241100x80000000000000004033229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488a15108ff74e7c2021-12-22 12:48:21.194root 11241100x80000000000000004033230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c06f28c9643c6452021-12-22 12:48:21.194root 11241100x80000000000000004033231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72a0d843bb0d84c2021-12-22 12:48:21.194root 11241100x80000000000000004033232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f248b0de46ee2e2021-12-22 12:48:21.194root 11241100x80000000000000004033233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b751504016222c2021-12-22 12:48:21.194root 11241100x80000000000000004033234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f24c7654d34a83b2021-12-22 12:48:21.194root 11241100x80000000000000004033235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02625e8db847e5212021-12-22 12:48:21.194root 11241100x80000000000000004033236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9152b8f39d0da2021-12-22 12:48:21.194root 11241100x80000000000000004033237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701679e636dbc572021-12-22 12:48:21.194root 11241100x80000000000000004033238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b42843e6ce93892021-12-22 12:48:21.195root 11241100x80000000000000004033239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497c48f42d71bb2c2021-12-22 12:48:21.195root 11241100x80000000000000004033240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c9b254bedaae9a2021-12-22 12:48:21.693root 11241100x80000000000000004033241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77efdcb97163d5ab2021-12-22 12:48:21.693root 11241100x80000000000000004033242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae416602f904ee2021-12-22 12:48:21.693root 11241100x80000000000000004033243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63484981c8ebdbc2021-12-22 12:48:21.693root 11241100x80000000000000004033244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2db664f1f3a7dd22021-12-22 12:48:21.694root 11241100x80000000000000004033245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d554a2062a0d6cf12021-12-22 12:48:21.694root 11241100x80000000000000004033246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b727d4bc33bf0e2021-12-22 12:48:21.694root 11241100x80000000000000004033247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca08a0eadf780cf62021-12-22 12:48:21.694root 11241100x80000000000000004033248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306624e120fb3fb42021-12-22 12:48:21.694root 11241100x80000000000000004033249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08933248221141e02021-12-22 12:48:21.694root 11241100x80000000000000004033250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a516c66086ba92e32021-12-22 12:48:21.694root 11241100x80000000000000004033251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2514d47ad8fc679a2021-12-22 12:48:21.694root 11241100x80000000000000004033252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad072f1be146800f2021-12-22 12:48:21.694root 11241100x80000000000000004033253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6386ce76dc6823d82021-12-22 12:48:21.694root 11241100x80000000000000004033254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8d8361543c35c2021-12-22 12:48:21.694root 11241100x80000000000000004033255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9525e7d2e5a22b2021-12-22 12:48:21.695root 11241100x80000000000000004033256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adcde94aa5f3e282021-12-22 12:48:21.695root 11241100x80000000000000004033257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9005aa8fa58f69212021-12-22 12:48:22.193root 11241100x80000000000000004033258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306307be4de3ba092021-12-22 12:48:22.193root 11241100x80000000000000004033259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5708d873c4c19eed2021-12-22 12:48:22.193root 11241100x80000000000000004033260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2525aab13c5a5e582021-12-22 12:48:22.193root 11241100x80000000000000004033261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0be8c61409098d92021-12-22 12:48:22.193root 11241100x80000000000000004033262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d7c1c4e3776db2021-12-22 12:48:22.194root 11241100x80000000000000004033263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedcdab445af8dc92021-12-22 12:48:22.194root 11241100x80000000000000004033264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f0bf0ee825dd202021-12-22 12:48:22.194root 11241100x80000000000000004033265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609bb6416d2067962021-12-22 12:48:22.194root 11241100x80000000000000004033266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a989b2e3103f432021-12-22 12:48:22.194root 11241100x80000000000000004033267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df5205fd9bfd6c82021-12-22 12:48:22.195root 11241100x80000000000000004033268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be62071bc9aaf32021-12-22 12:48:22.195root 11241100x80000000000000004033269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aede5213ad47a2e2021-12-22 12:48:22.195root 11241100x80000000000000004033270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79d48295ad9f1c12021-12-22 12:48:22.195root 11241100x80000000000000004033271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52484f348fafffb42021-12-22 12:48:22.195root 11241100x80000000000000004033272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250f9db32efc0b52021-12-22 12:48:22.196root 11241100x80000000000000004033273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a663ded318cc2542021-12-22 12:48:22.196root 11241100x80000000000000004033274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772c8aa9245ea3572021-12-22 12:48:22.693root 11241100x80000000000000004033275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d6a13810d4ac4e2021-12-22 12:48:22.693root 11241100x80000000000000004033276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f1c090f1d90b72021-12-22 12:48:22.693root 11241100x80000000000000004033277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda42a3f4ef83d642021-12-22 12:48:22.693root 11241100x80000000000000004033278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf5e5eb7d424062021-12-22 12:48:22.693root 11241100x80000000000000004033279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3e49b079f80f82021-12-22 12:48:22.693root 11241100x80000000000000004033280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a0a4ccbe26f3362021-12-22 12:48:22.693root 11241100x80000000000000004033281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eac45f2ae7003512021-12-22 12:48:22.694root 11241100x80000000000000004033282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87fecc586553a502021-12-22 12:48:22.694root 11241100x80000000000000004033283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfba7f8153f57e02021-12-22 12:48:22.694root 11241100x80000000000000004033284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c401feb4608321ee2021-12-22 12:48:22.694root 11241100x80000000000000004033285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8314e02daa8aa8d42021-12-22 12:48:22.694root 11241100x80000000000000004033286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc17c31b094e9b12021-12-22 12:48:22.694root 11241100x80000000000000004033287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0821a4b0a5d37adf2021-12-22 12:48:22.694root 11241100x80000000000000004033288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dde7ac5fd46cdf2021-12-22 12:48:22.694root 11241100x80000000000000004033289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbde583348e21ebc2021-12-22 12:48:22.694root 11241100x80000000000000004033290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba0ddb6dab58892021-12-22 12:48:22.694root 11241100x80000000000000004033291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1996c3118672b62021-12-22 12:48:23.193root 11241100x80000000000000004033292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355134ff5a21fcf72021-12-22 12:48:23.193root 11241100x80000000000000004033293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce8f1b6b44e9882021-12-22 12:48:23.193root 11241100x80000000000000004033294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01d85dfeeb1f2f2021-12-22 12:48:23.194root 11241100x80000000000000004033295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9eabfea3c983012021-12-22 12:48:23.194root 11241100x80000000000000004033296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22cef3632368bb2021-12-22 12:48:23.194root 11241100x80000000000000004033297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8440fbbcc897c9262021-12-22 12:48:23.194root 11241100x80000000000000004033298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba3cbea6dda0dc12021-12-22 12:48:23.194root 11241100x80000000000000004033299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886212065bb2ada42021-12-22 12:48:23.195root 11241100x80000000000000004033300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b14b20197163232021-12-22 12:48:23.195root 11241100x80000000000000004033301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d00737711e1d5f02021-12-22 12:48:23.195root 11241100x80000000000000004033302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468b8448c62de1402021-12-22 12:48:23.195root 11241100x80000000000000004033303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedfef8efbe1f33c2021-12-22 12:48:23.195root 11241100x80000000000000004033304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a95c8ac1205f4b2021-12-22 12:48:23.196root 11241100x80000000000000004033305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4212ec6e3639fd172021-12-22 12:48:23.196root 11241100x80000000000000004033306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4414943de97e4b402021-12-22 12:48:23.196root 11241100x80000000000000004033307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607989e0b8ebb2882021-12-22 12:48:23.196root 11241100x80000000000000004033308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b0005e6b6a4de22021-12-22 12:48:23.693root 11241100x80000000000000004033309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfdb6e8d018ee8b2021-12-22 12:48:23.693root 11241100x80000000000000004033310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f851e06ddc5712021-12-22 12:48:23.694root 11241100x80000000000000004033311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad96c357204abe2021-12-22 12:48:23.694root 11241100x80000000000000004033312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f41e0fb4ca9f6ce2021-12-22 12:48:23.694root 11241100x80000000000000004033313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1affd342f2c252021-12-22 12:48:23.694root 11241100x80000000000000004033314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533e45a53b80cd82021-12-22 12:48:23.694root 11241100x80000000000000004033315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348a3a619eceb842021-12-22 12:48:23.694root 11241100x80000000000000004033316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82ac1a3994b2f0a2021-12-22 12:48:23.695root 11241100x80000000000000004033317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f28cea07ea3ce2f2021-12-22 12:48:23.695root 11241100x80000000000000004033318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e391613f46b7d2021-12-22 12:48:23.695root 11241100x80000000000000004033319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f954a1e324a2ea7e2021-12-22 12:48:23.695root 11241100x80000000000000004033320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b6050b331cc0b62021-12-22 12:48:23.695root 11241100x80000000000000004033321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec85fe82d662b152021-12-22 12:48:23.695root 11241100x80000000000000004033322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f6788e1b3810f2021-12-22 12:48:23.695root 11241100x80000000000000004033323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9becd8477223e2021-12-22 12:48:23.695root 11241100x80000000000000004033324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eb8e567c90a70f2021-12-22 12:48:23.695root 354300x80000000000000004033325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.125{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56932-false10.0.1.12-8000- 11241100x80000000000000004033326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4a91468b3dc6d2021-12-22 12:48:24.126root 11241100x80000000000000004033327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d893c0873d4ef9262021-12-22 12:48:24.126root 11241100x80000000000000004033328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2c142c7b317162021-12-22 12:48:24.127root 11241100x80000000000000004033329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fdd46f4245172a2021-12-22 12:48:24.127root 11241100x80000000000000004033330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a80c93b59501552021-12-22 12:48:24.127root 11241100x80000000000000004033331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eae32e8988d3a082021-12-22 12:48:24.127root 11241100x80000000000000004033332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ba04cd16bdb8252021-12-22 12:48:24.127root 11241100x80000000000000004033333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c13c71d8a8171392021-12-22 12:48:24.127root 11241100x80000000000000004033334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda8b982dbaffb472021-12-22 12:48:24.127root 11241100x80000000000000004033335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723932d09823ddac2021-12-22 12:48:24.127root 11241100x80000000000000004033336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ba9e11388180bb2021-12-22 12:48:24.128root 11241100x80000000000000004033337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7a7d7a65f9582e2021-12-22 12:48:24.128root 11241100x80000000000000004033338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c8a58422a83a2e2021-12-22 12:48:24.128root 11241100x80000000000000004033339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d41d2087e857ed2021-12-22 12:48:24.128root 11241100x80000000000000004033340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c96b1ca4ecc4b22021-12-22 12:48:24.128root 11241100x80000000000000004033341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158fa5a81bb4f5e02021-12-22 12:48:24.128root 11241100x80000000000000004033342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b3ceabf0873a1d2021-12-22 12:48:24.128root 11241100x80000000000000004033343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfb70713f2000672021-12-22 12:48:24.128root 11241100x80000000000000004033344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d1325145aebbf2021-12-22 12:48:24.128root 11241100x80000000000000004033345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d881626fd94521c2021-12-22 12:48:24.129root 11241100x80000000000000004033346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825200cc4dd803232021-12-22 12:48:24.129root 11241100x80000000000000004033347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6639bf48ea5233b2021-12-22 12:48:24.129root 11241100x80000000000000004033348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805f78cdd5c3b3e2021-12-22 12:48:24.443root 11241100x80000000000000004033349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bb94b35c0c500d2021-12-22 12:48:24.443root 11241100x80000000000000004033350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cba8f79ac604fa2021-12-22 12:48:24.443root 11241100x80000000000000004033351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4dbd1ac07269a22021-12-22 12:48:24.443root 11241100x80000000000000004033352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d883a1db0a5582021-12-22 12:48:24.444root 11241100x80000000000000004033353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d107d7e5765f61682021-12-22 12:48:24.444root 11241100x80000000000000004033354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd04f8bfd028a3c2021-12-22 12:48:24.444root 11241100x80000000000000004033355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a5ca0d8d6df3472021-12-22 12:48:24.444root 11241100x80000000000000004033356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fbe64f1abe53202021-12-22 12:48:24.444root 11241100x80000000000000004033357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bada0531029349a2021-12-22 12:48:24.445root 11241100x80000000000000004033358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d63a1325016e23a2021-12-22 12:48:24.445root 11241100x80000000000000004033359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a689244ab28833942021-12-22 12:48:24.445root 11241100x80000000000000004033360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f379a3c3d4a8ac602021-12-22 12:48:24.445root 11241100x80000000000000004033361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68adc58db6a3e1692021-12-22 12:48:24.446root 11241100x80000000000000004033362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eac8060e35758b82021-12-22 12:48:24.446root 11241100x80000000000000004033363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b01960f0614c8e2021-12-22 12:48:24.446root 11241100x80000000000000004033364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484aee159ccf85d2021-12-22 12:48:24.446root 11241100x80000000000000004033365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cadcf75daf6aae2021-12-22 12:48:24.447root 11241100x80000000000000004033366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95266c0e428ec5a2021-12-22 12:48:24.943root 11241100x80000000000000004033367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb9010310e0cd72021-12-22 12:48:24.943root 11241100x80000000000000004033368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c459951cd6e6d2021-12-22 12:48:24.943root 11241100x80000000000000004033369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a29e364580786dd2021-12-22 12:48:24.944root 11241100x80000000000000004033370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0df128315829272021-12-22 12:48:24.944root 11241100x80000000000000004033371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fcee01a37275ce2021-12-22 12:48:24.944root 11241100x80000000000000004033372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af2f73d422f6872021-12-22 12:48:24.944root 11241100x80000000000000004033373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23818b468e775f2021-12-22 12:48:24.944root 11241100x80000000000000004033374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333cee7c31d6a50d2021-12-22 12:48:24.944root 11241100x80000000000000004033375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055579f7ebb78012021-12-22 12:48:24.944root 11241100x80000000000000004033376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6503038eef6a6aa22021-12-22 12:48:24.944root 11241100x80000000000000004033377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c491f53e003abac92021-12-22 12:48:24.944root 11241100x80000000000000004033378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5cdb2af9f2acd02021-12-22 12:48:24.945root 11241100x80000000000000004033379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d576e4492e3164d2021-12-22 12:48:24.945root 11241100x80000000000000004033380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93e174d8d6966282021-12-22 12:48:24.945root 11241100x80000000000000004033381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35f751375e992e42021-12-22 12:48:24.945root 11241100x80000000000000004033382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27681fdbd186ec1d2021-12-22 12:48:24.945root 11241100x80000000000000004033383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:48:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82cb516ea4d58e72021-12-22 12:48:24.945root